CVE-2014-8626

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.2.7

Description The issue is related to a stack-based buffer overflow in the date from ISO8601 function, which can be triggered by including a timezone field in a date. This leads to improper XML-RPC encoding and can cause a denial of service, resulting in an application crash, or potentially allow the execution of arbitrary code.

Recommendations For versions prior to 5.2.7, update to version 5.2.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the date from ISO8601 function until a patch is applied. Avoid including timezone fields in dates to minimize the risk of exploitation.