Vigil@nce - PHP: integer overflow of calendar Julian Day Count
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate an integer overflow in the calendar
extension of PHP, in order to trigger a denial of service.
Impacted products: PHP
Severity: 2/4
Creation date: 04/02/2015
DESCRIPTION OF THE VULNERABILITY
The gregoriantojd() function of the calendar extension of PHP
converts a date from the Gregorian calendar (current) to a number
of Julian days (since 01/01/-4712). The juliantojd() function
converts a date from the Julian calendar (old). Both functions
call JulianToSdn() to manage the number of Julian days.
However, if the Gregorian/Julian year is too large, an integer
overflow occurs in the JulianToSdn() function.
An attacker can therefore generate an integer overflow in the
calendar extension of PHP, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-integer-overflow-of-calendar-Julian-Day-Count-16108