{
  "threat_severity" : "Low",
  "public_date" : "2013-11-27T00:00:00Z",
  "bugzilla" : {
    "description" : "php: heap-based buffer over-read in DateInterval",
    "id" : "1035670",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1035670"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-122",
  "details" : [ "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.", "A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash." ],
  "statement" : "This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 7.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-08-06T00:00:00Z",
    "advisory" : "RHSA-2014:1012",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "php53-0:5.3.3-23.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-08-06T00:00:00Z",
    "advisory" : "RHSA-2014:1012",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "php-0:5.3.3-27.el6_5.1"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "php54-php-0:5.4.16-22.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "php54-php-0:5.4.16-22.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "php54-php-0:5.4.16-22.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "php54-php-0:5.4.16-22.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el7",
    "package" : "php54-php-0:5.4.16-22.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Affected",
    "package_name" : "php55-php",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-6712\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6712" ],
  "name" : "CVE-2013-6712",
  "csaw" : false
}