Description
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-2926 Vulnerability (CVE-2020-2926)
WordPress Plugin ArcadePress 'upload.php' Arbitrary File Upload (0.65)
PHP Improper Input Validation Vulnerability (CVE-2016-4072)
OpenSSL Out-of-bounds Read Vulnerability (CVE-2017-3731)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.5.3)