VYPR
Unrated severityNVD Advisory· Published Nov 23, 2014· Updated Jun 17, 2026

CVE-2014-8626

CVE-2014-8626

Description

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • PHP/PHP8 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.2.6
    • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
    • (no CPE)range: <5.2.7

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.