CVE-2013-4635

EUVD-2013-4491
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.3.25
phpphp
1.0
phpphp
2.0
phpphp
2.0b10:b10
phpphp
3.0
phpphp
3.0.1
phpphp
3.0.2
phpphp
3.0.3
phpphp
3.0.4
phpphp
3.0.5
phpphp
3.0.6
phpphp
3.0.7
phpphp
3.0.8
phpphp
3.0.9
phpphp
3.0.10
phpphp
3.0.11
phpphp
3.0.12
phpphp
3.0.13
phpphp
3.0.14
phpphp
3.0.15
phpphp
3.0.16
phpphp
3.0.17
phpphp
3.0.18
phpphp
4.0:beta_4_patch1
phpphp
4.0:beta1
phpphp
4.0:beta2
phpphp
4.0:beta3
phpphp
4.0:beta4
phpphp
4.0.0
phpphp
4.0.1
phpphp
4.0.2
phpphp
4.0.3
phpphp
4.0.4
phpphp
4.0.5
phpphp
4.0.6
phpphp
4.0.7
phpphp
4.1.0
phpphp
4.1.1
phpphp
4.1.2
phpphp
4.2.0
phpphp
4.2.1
phpphp
4.2.2
phpphp
4.2.3
phpphp
4.3.0
phpphp
4.3.1
phpphp
4.3.2
phpphp
4.3.3
phpphp
4.3.4
phpphp
4.3.5
phpphp
4.3.6
phpphp
4.3.7
phpphp
4.3.8
phpphp
4.3.9
phpphp
4.3.10
phpphp
4.3.11
phpphp
4.4.0
phpphp
4.4.1
phpphp
4.4.2
phpphp
4.4.3
phpphp
4.4.4
phpphp
4.4.5
phpphp
4.4.6
phpphp
4.4.7
phpphp
4.4.8
phpphp
4.4.9
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.2.14
phpphp
5.2.15
phpphp
5.2.16
phpphp
5.2.17
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
phpphp
5.3.4
phpphp
5.3.5
phpphp
5.3.6
phpphp
5.3.7
phpphp
5.3.8
phpphp
5.3.9
phpphp
5.3.10
phpphp
5.3.11
phpphp
5.3.12
phpphp
5.3.13
phpphp
5.3.14
phpphp
5.3.15
phpphp
5.3.16
phpphp
5.3.17
phpphp
5.3.18
phpphp
5.3.19
phpphp
5.3.20
phpphp
5.3.21
phpphp
5.3.22
phpphp
5.3.23
phpphp
5.3.24
phpphp
5.4.0
phpphp
5.4.1
phpphp
5.4.2
phpphp
5.4.3
phpphp
5.4.4
phpphp
5.4.5
phpphp
5.4.6
phpphp
5.4.7
phpphp
5.4.8
phpphp
5.4.9
phpphp
5.4.10
phpphp
5.4.11
phpphp
5.4.12
phpphp
5.4.13
phpphp
5.4.14
phpphp
5.4.15
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
lucid
Fixed 5.3.2-1ubuntu4.20
released
precise
Fixed 5.3.10-1ubuntu3.7
released
quantal
Fixed 5.4.6-1ubuntu1.3
released
raring
Fixed 5.4.9-4ubuntu2.2
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html
http://secunia.com/advisories/54104
http://www.attrition.org/pipermail/vim/2013-June/002697.html
http://www.php.net/ChangeLog-5.php
http://www.securitytracker.com/id/1028699
http://www.ubuntu.com/usn/USN-1905-1
https://bugs.php.net/bug.php?id=64895
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html
http://secunia.com/advisories/54104
http://www.attrition.org/pipermail/vim/2013-June/002697.html
http://www.php.net/ChangeLog-5.php
http://www.securitytracker.com/id/1028699
http://www.ubuntu.com/usn/USN-1905-1
https://bugs.php.net/bug.php?id=64895