php: memory corruption in openssl_x509_parse()

IDs: 
CVE-2013-6420, CB-K13/1040
Keywords: 
php
Description: 

A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious certificate, which may cause the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

Airlock is not affected because PHP is not used in Airlock.

Resolution: 

Airlock protects back-ends by terminating SSL/TLS and never uses untrusted client certificates to establish SSL/TLS sessions with back-ends.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock