PT-2013-4854 · Php+3 · Php+3

Jan Lieskovsky

Publicado

2013-07-12

Atualizado

2024-06-15

CVE-2013-4113

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.27

Description The issue is related to the improper consideration of parsing depth in the ext/xml/xml.c component. This can be exploited by remote attackers using a crafted document processed by the xml parse into struct function, potentially leading to a denial of service (heap memory corruption) or other unspecified impacts.

Recommendations For versions prior to 5.3.27, update to version 5.3.27 or later to resolve the issue. As a temporary workaround, consider restricting the use of the xml parse into struct function until a patch is applied.

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CESA-2013_1049

CVE-2013-4113

DSA-2723-1

MGASA-2013-0216

MGASA-2013-0233

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2013:1049

RHSA-2013:1050

RHSA-2013:1061

RHSA-2013:1062

RHSA-2013:1063

RHSA-2013_1049

RHSA-2013_1050

SUSE-SU-2013_1315-1

SUSE-SU-2013_1316-1

Produtos afetados

Centos

Php

Red Hat

Suse

PT-2013-4854 · Php+3 · Php+3

CVE-2013-4113

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 178