Vigil@nce - PHP: denial of service via parse_iso_intervals
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can provide a malformed date to parse_iso_intervals of
PHP, in order to trigger a denial of service.
– Impacted products: Debian, PHP
– Severity: 2/4
– Creation date: 02/12/2013
DESCRIPTION OF THE VULNERABILITY
The Date library of PHP supports durations expressed in the format
ISO 8601. For example, "P2Y3M" means two years and three months.
The ext/date/lib/parse_iso_intervals.c file decodes a period and
stores it in a DateInterval object. However, if one of the types
(YWDHSM) is unknown, an error occurs, and the function continues
to read after the end of data.
An attacker can therefore provide a malformed date to
parse_iso_intervals of PHP, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-denial-of-service-via-parse-iso-intervals-13848