CVE-2014-3668

EPSS 0.82% · P75 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-3668

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PHP XMLRPC扩展缓冲区溢出漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。XMLRPC是其中的一个用于实现XML-RPC协议的库。 PHP XMLRPC扩展中的libxmlrpc/xmlrpc.c脚本中mkgmtime实现过程中的‘date_from_ISO8601’函数中存在缓冲区溢出漏洞，该漏洞源于‘xmlrpc_set_type’函数没有充分过滤‘first’参

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-3668

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-3668

请登录查看更多情报信息。

http://linux.oracle.com/errata/ELSA-2014-1767.htmlx_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-1768.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlx_refsource_CONFIRM
https://support.apple.com/HT204659x_refsource_CONFIRM
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726ex_refsource_CONFIRM
http://php.net/ChangeLog-5.phpx_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1154503x_refsource_CONFIRM
https://bugs.php.net/bug.php?id=68027x_refsource_CONFIRM
http://secunia.com/advisories/61982third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59967third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60630third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/70666vdb-entryx_refsource_BID
http://secunia.com/advisories/61970third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61763third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60699third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-3064vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2391-1vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2014-1766.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1767.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1768.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlvendor-advisoryx_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.htmlvendor-advisoryx_refsource_SUSE
https://nvd.nist.gov/vuln/detail/CVE-2014-3668

Same Patch Batch · n/a · 2014-10-29 · 33 CVEs total

CVE-2014-8533		McAfee Network Data Loss Prevention 任意代码执行漏洞
CVE-2014-6149		IBM Tivoli Application Dependency Discovery Manager 目录遍历漏洞
CVE-2014-4877		GNU Wget 路径遍历漏洞
CVE-2014-4839		IBM TRIRIGA Application Platform 跨站请求伪造漏洞
CVE-2014-3698		Pidgin libpurple 信息泄露漏洞
CVE-2014-3697		Pidgin 绝对路径遍历漏洞
CVE-2014-3696		Pidgin 缓冲区溢出漏洞
CVE-2014-3695		Pidgin libpurple 缓冲区溢出漏洞
CVE-2014-3694		Pidgin libpurple 加密问题漏洞
CVE-2014-3670		PHP EXIF扩展缓冲区溢出漏洞
CVE-2014-3669		PHP 数字错误漏洞
CVE-2014-3051		IBM Tivoli Composite Application Manager for Transactions Internet Service Monitor代理加密问题漏洞
CVE-2014-8537		McAfee Network Data Loss Prevention 信息泄露漏洞
CVE-2014-8536		McAfee Network Data Loss Prevention 信息泄露漏洞
CVE-2014-8535		McAfee Network Data Loss Prevention 安全漏洞
CVE-2014-8534		McAfee Network Data Loss Prevention 拒绝服务漏洞
CVE-2014-8538		Android Hijab Modern应用程序加密问题漏洞
CVE-2014-8532		McAfee Network Data Loss Prevention 安全漏洞
CVE-2014-8531		McAfee Network Data Loss Prevention 加密问题漏洞
CVE-2014-8530		McAfee Network Data Loss Prevention 信息泄露漏洞

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-3668

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-3668

I. Basic Information for CVE-2014-3668

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-3668

III. Intelligence Information for CVE-2014-3668

Same Patch Batch · n/a · 2014-10-29 · 33 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-3668

Leave a comment