CVE-2013-4113

 

Published at: - 13-07-2013 03:10

Last modified: - 16-08-2022 03:29

Total changes: - 2

Description

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271
• https://bugs.php.net/bug.php?id=65236
• http://php.net/archive/2013.php#id2013-07-11-1
• https://bugzilla.redhat.com/show_bug.cgi?id=983689
• http://php.net/ChangeLog-5.php
• RHSA-2013:1049-Third Party Advisory
• RHSA-2013:1050-Third Party Advisory
• SUSE-SU-2013:1285-Mailing List, Third Party Advisory
• DSA-2723-Third Party Advisory
• 54165-Third Party Advisory
• 54163-Third Party Advisory
• 54071-Third Party Advisory
• RHSA-2013:1061-Third Party Advisory
• SUSE-SU-2013:1316-Mailing List, Third Party Advisory
• RHSA-2013:1063-Third Party Advisory
• USN-1905-1-Third Party Advisory
• 54104-Third Party Advisory
• RHSA-2013:1062-Third Party Advisory
• SUSE-SU-2013:1315-Mailing List, Third Party Advisory
• http://support.apple.com/kb/HT6150

 

Keywords

NVD

 

CVE-2013-4113

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures