CVE-2013-3735

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.16 RC1 PHP versions prior to 5.5.0 RC2

Description The issue exists due to insufficient input validation in the Zend Engine component of the PHP programming language interpreter. This can be exploited by a remote attacker to cause a denial of service, resulting in memory consumption and application crash, via a crafted function definition. The attack can be demonstrated within a shared web-hosting environment. It is recommended to use OS-level security by running multiple web servers each as their own user ID for critical security situations.

Recommendations For PHP versions prior to 5.4.16 RC1, update to version 5.4.16 RC1 or later. For PHP versions prior to 5.5.0 RC2, update to version 5.5.0 RC2 or later. As a temporary workaround, consider restricting the use of crafted function definitions to minimize the risk of exploitation.