[VIM] CVE-2013-4635 SndToJewish / SdnToJewish function name

Christey, Steven M. coley at mitre.org
Mon Jun 24 11:24:47 CDT 2013

Apparently a lot of sources are saying the affected function name in CVE-2013-4635 is "SndToJewish".  This may stem from an apparent typo in the original PHP disclosures.

CVE believes that the correct spelling is "SdnToJewish" which can be seen in the jewish.c source code, e.g.:


If you search for "sdn" in http://www.php.net/ChangeLog-5.php, you will see other functions with a similar "Sdn" prefix.  Here, and elsewhere on the Web, SDN is an acronym for "serial day number," which would make sense because the functions are related to date calculations.

- Steve

More information about the VIM mailing list