CVE-2014-8626

Name: CVE-2014-8626
Creator: NVD / NIST
Published: 2014-11-23T02:59:00.087+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.78%

Last modified Jun 17, 2026

CVE-2014-8626 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.. EPSS estimates a 5.78% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

Metrics

EPSS Probability

5.78%

92.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Php	Php	<= 5.2.6
Php	Php	5.2.0
Php	Php	5.2.1
Php	Php	5.2.2
Php	Php	5.2.3
Php	Php	5.2.4
Php	Php	5.2.5

References

Timeline

Published: Nov 23, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-8626?

How severe is CVE-2014-8626?

Severity scoring for CVE-2014-8626 is pending analysis. The EPSS model estimates a 5.78% probability of exploitation in the next 30 days.

How do I fix CVE-2014-8626?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-8626?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST