Description

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

Remediation

References

CVE-2014-8626

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2010-3682)

Moodle CVE-2019-3852 Vulnerability (CVE-2019-3852)

WebLogic CVE-2021-35617 Vulnerability (CVE-2021-35617)

Liferay Portal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5327)

MySQL CVE-2014-6555 Vulnerability (CVE-2014-6555)

Severity

High

Classification

CVE-2014-8626 CWE-119

Tags

Missing Update Known Vulnerabilities