CVE-2013-4248

Summary

CVE	CVE-2013-4248
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2013-08-18 02:52:00 UTC
Updated	2023-11-07 02:16:00 UTC
Description	The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	10.04	-	lts	All
Operating System	Canonical	Ubuntu Linux	12.04	-	lts	All
Operating System	Canonical	Ubuntu Linux	12.10	All	All	All
Operating System	Canonical	Ubuntu Linux	13.04	All	All	All
Operating System	Canonical	Ubuntu Linux	10.04	-	lts	All
Operating System	Canonical	Ubuntu Linux	12.04	-	lts	All
Operating System	Canonical	Ubuntu Linux	12.10	All	All	All
Operating System	Canonical	Ubuntu Linux	13.04	All	All	All
Application	Php	Php	5.0.0	All	All	All
Application	Php	Php	5.0.0	beta1	All	All
Application	Php	Php	5.0.0	beta2	All	All
Application	Php	Php	5.0.0	beta3	All	All
Application	Php	Php	5.0.0	beta4	All	All
Application	Php	Php	5.0.0	rc1	All	All
Application	Php	Php	5.0.0	rc2	All	All
Application	Php	Php	5.0.0	rc3	All	All
Application	Php	Php	5.0.1	All	All	All
Application	Php	Php	5.0.2	All	All	All
Application	Php	Php	5.0.3	All	All	All
Application	Php	Php	5.0.4	All	All	All
Application	Php	Php	5.0.5	All	All	All
Application	Php	Php	5.1.0	All	All	All
Application	Php	Php	5.1.1	All	All	All
Application	Php	Php	5.1.2	All	All	All
Application	Php	Php	5.1.3	All	All	All
Application	Php	Php	5.1.4	All	All	All
Application	Php	Php	5.1.5	All	All	All
Application	Php	Php	5.1.6	All	All	All
Application	Php	Php	5.2.0	All	All	All
Application	Php	Php	5.2.1	All	All	All
Application	Php	Php	5.2.10	All	All	All
Application	Php	Php	5.2.11	All	All	All
Application	Php	Php	5.2.12	All	All	All
Application	Php	Php	5.2.13	All	All	All
Application	Php	Php	5.2.14	All	All	All
Application	Php	Php	5.2.15	All	All	All
Application	Php	Php	5.2.16	All	All	All
Application	Php	Php	5.2.17	All	All	All
Application	Php	Php	5.2.2	All	All	All
Application	Php	Php	5.2.3	All	All	All
Application	Php	Php	5.2.4	All	All	All
Application	Php	Php	5.2.5	All	All	All
Application	Php	Php	5.2.6	All	All	All
Application	Php	Php	5.2.7	All	All	All
Application	Php	Php	5.2.8	All	All	All
Application	Php	Php	5.2.9	All	All	All
Application	Php	Php	5.3.0	All	All	All
Application	Php	Php	5.3.1	All	All	All
Application	Php	Php	5.3.10	All	All	All
Application	Php	Php	5.3.11	All	All	All
Application	Php	Php	5.3.12	All	All	All
Application	Php	Php	5.3.13	All	All	All
Application	Php	Php	5.3.14	All	All	All
Application	Php	Php	5.3.15	All	All	All
Application	Php	Php	5.3.16	All	All	All
Application	Php	Php	5.3.17	All	All	All
Application	Php	Php	5.3.18	All	All	All
Application	Php	Php	5.3.19	All	All	All
Application	Php	Php	5.3.2	All	All	All
Application	Php	Php	5.3.20	All	All	All
Application	Php	Php	5.3.21	All	All	All
Application	Php	Php	5.3.22	All	All	All
Application	Php	Php	5.3.23	All	All	All
Application	Php	Php	5.3.24	All	All	All
Application	Php	Php	5.3.25	All	All	All
Application	Php	Php	5.3.26	All	All	All
Application	Php	Php	5.3.27	All	All	All
Application	Php	Php	5.3.3	All	All	All
Application	Php	Php	5.3.4	All	All	All
Application	Php	Php	5.3.5	All	All	All
Application	Php	Php	5.3.6	All	All	All
Application	Php	Php	5.3.7	All	All	All
Application	Php	Php	5.3.8	All	All	All
Application	Php	Php	5.3.9	All	All	All
Application	Php	Php	5.4.0	All	All	All
Application	Php	Php	5.4.1	All	All	All
Application	Php	Php	5.4.10	All	All	All
Application	Php	Php	5.4.11	All	All	All
Application	Php	Php	5.4.12	All	All	All
Application	Php	Php	5.4.12	rc1	All	All
Application	Php	Php	5.4.12	rc2	All	All
Application	Php	Php	5.4.13	All	All	All
Application	Php	Php	5.4.13	rc1	All	All
Application	Php	Php	5.4.14	All	All	All
Application	Php	Php	5.4.14	rc1	All	All
Application	Php	Php	5.4.15	rc1	All	All
Application	Php	Php	5.4.16	rc1	All	All
Application	Php	Php	5.4.2	All	All	All
Application	Php	Php	5.4.3	All	All	All
Application	Php	Php	5.4.4	All	All	All
Application	Php	Php	5.4.5	All	All	All
Application	Php	Php	5.4.6	All	All	All
Application	Php	Php	5.4.7	All	All	All
Application	Php	Php	5.4.8	All	All	All
Application	Php	Php	5.4.9	All	All	All
Application	Php	Php	5.5.0	All	All	All
Application	Php	Php	5.5.1	All	All	All
Application	Php	Php	5.0.0	All	All	All
Application	Php	Php	5.0.0	beta1	All	All
Application	Php	Php	5.0.0	beta2	All	All
Application	Php	Php	5.0.0	beta3	All	All
Application	Php	Php	5.0.0	beta4	All	All
Application	Php	Php	5.0.0	rc1	All	All
Application	Php	Php	5.0.0	rc2	All	All
Application	Php	Php	5.0.0	rc3	All	All
Application	Php	Php	5.0.1	All	All	All
Application	Php	Php	5.0.2	All	All	All
Application	Php	Php	5.0.3	All	All	All
Application	Php	Php	5.0.4	All	All	All
Application	Php	Php	5.0.5	All	All	All
Application	Php	Php	5.1.0	All	All	All
Application	Php	Php	5.1.1	All	All	All
Application	Php	Php	5.1.2	All	All	All
Application	Php	Php	5.1.3	All	All	All
Application	Php	Php	5.1.4	All	All	All
Application	Php	Php	5.1.5	All	All	All
Application	Php	Php	5.1.6	All	All	All
Application	Php	Php	5.2.0	All	All	All
Application	Php	Php	5.2.1	All	All	All
Application	Php	Php	5.2.10	All	All	All
Application	Php	Php	5.2.11	All	All	All
Application	Php	Php	5.2.12	All	All	All
Application	Php	Php	5.2.13	All	All	All
Application	Php	Php	5.2.14	All	All	All
Application	Php	Php	5.2.15	All	All	All
Application	Php	Php	5.2.16	All	All	All
Application	Php	Php	5.2.17	All	All	All
Application	Php	Php	5.2.2	All	All	All
Application	Php	Php	5.2.3	All	All	All
Application	Php	Php	5.2.4	All	All	All
Application	Php	Php	5.2.5	All	All	All
Application	Php	Php	5.2.6	All	All	All
Application	Php	Php	5.2.7	All	All	All
Application	Php	Php	5.2.8	All	All	All
Application	Php	Php	5.2.9	All	All	All
Application	Php	Php	5.3.0	All	All	All
Application	Php	Php	5.3.1	All	All	All
Application	Php	Php	5.3.10	All	All	All
Application	Php	Php	5.3.11	All	All	All
Application	Php	Php	5.3.12	All	All	All
Application	Php	Php	5.3.13	All	All	All
Application	Php	Php	5.3.14	All	All	All
Application	Php	Php	5.3.15	All	All	All
Application	Php	Php	5.3.16	All	All	All
Application	Php	Php	5.3.17	All	All	All
Application	Php	Php	5.3.18	All	All	All
Application	Php	Php	5.3.19	All	All	All
Application	Php	Php	5.3.2	All	All	All
Application	Php	Php	5.3.20	All	All	All
Application	Php	Php	5.3.21	All	All	All
Application	Php	Php	5.3.22	All	All	All
Application	Php	Php	5.3.23	All	All	All
Application	Php	Php	5.3.24	All	All	All
Application	Php	Php	5.3.25	All	All	All
Application	Php	Php	5.3.26	All	All	All
Application	Php	Php	5.3.27	All	All	All
Application	Php	Php	5.3.3	All	All	All
Application	Php	Php	5.3.4	All	All	All
Application	Php	Php	5.3.5	All	All	All
Application	Php	Php	5.3.6	All	All	All
Application	Php	Php	5.3.7	All	All	All
Application	Php	Php	5.3.8	All	All	All
Application	Php	Php	5.3.9	All	All	All
Application	Php	Php	5.4.0	All	All	All
Application	Php	Php	5.4.1	All	All	All
Application	Php	Php	5.4.10	All	All	All
Application	Php	Php	5.4.11	All	All	All
Application	Php	Php	5.4.12	All	All	All
Application	Php	Php	5.4.12	rc1	All	All
Application	Php	Php	5.4.12	rc2	All	All
Application	Php	Php	5.4.13	All	All	All
Application	Php	Php	5.4.13	rc1	All	All
Application	Php	Php	5.4.14	All	All	All
Application	Php	Php	5.4.14	rc1	All	All
Application	Php	Php	5.4.15	rc1	All	All
Application	Php	Php	5.4.16	rc1	All	All
Application	Php	Php	5.4.2	All	All	All
Application	Php	Php	5.4.3	All	All	All
Application	Php	Php	5.4.4	All	All	All
Application	Php	Php	5.4.5	All	All	All
Application	Php	Php	5.4.6	All	All	All
Application	Php	Php	5.4.7	All	All	All
Application	Php	Php	5.4.8	All	All	All
Application	Php	Php	5.4.9	All	All	All
Application	Php	Php	5.5.0	All	All	All
Application	Php	Php	5.5.1	All	All	All
Application	Php	Php	All	All	All	All
Operating System	Redhat	Enterprise Linux	5	All	All	All
Operating System	Redhat	Enterprise Linux	5	All	All	All

References

Reference	Source	Link	Tags
208.43.231.11 Git - php-src.git/commit	CONFIRM	git.php.net
About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001 - Apple Support	CONFIRM	support.apple.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
PHP OpenSSL subjectAltName Null Byte Processing Flaw Lets Remote Users Spoof SSL Servers - SecurityTracker	SECTRACK	www.securitytracker.com
USN-1937-1: PHP vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com	Vendor Advisory
openSUSE-SU-2013:1964-1: moderate: update for php5	SUSE	lists.opensuse.org
Debian -- Security Information -- DSA-2742-1 php5	DEBIAN	www.debian.org
'[security bulletin] HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat o' - MARC	HP	marc.info
Security Advisory SA54478 - Debian update for php5 - Secunia	SECUNIA	secunia.com	Vendor Advisory
openSUSE-SU-2013:1963-1: moderate: update for php5	SUSE	lists.opensuse.org
Security Advisory SA54657 - Ubuntu update for php - Secunia	SECUNIA	secunia.com	Vendor Advisory
About Secunia Research \| Flexera	SECUNIA	secunia.com	Vendor Advisory
PHP SSL Certificate Validation CVE-2013-4248 Security Bypass Vulnerability	BID	www.securityfocus.com
Security Advisory SA59652 - SUSE update for php5 - Secunia	SECUNIA	secunia.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Vendor Advisory
208.43.231.11 Git - php-src.git/commit		git.php.net
PHP: PHP 5 ChangeLog	CONFIRM	www.php.net
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.