PT-2013-4854 · Php+3 · Php+3

Jan Lieskovsky

Published

2013-07-12

Updated

2024-06-15

CVE-2013-4113

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.27

Description The issue is related to the improper consideration of parsing depth in the ext/xml/xml.c component. This can be exploited by remote attackers using a crafted document processed by the xml parse into struct function, potentially leading to a denial of service (heap memory corruption) or other unspecified impacts.

Recommendations For versions prior to 5.3.27, update to version 5.3.27 or later to resolve the issue. As a temporary workaround, consider restricting the use of the xml parse into struct function until a patch is applied.

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CESA-2013_1049

CVE-2013-4113

DSA-2723-1

MGASA-2013-0216

MGASA-2013-0233

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2013:1049

RHSA-2013:1050

RHSA-2013:1061

RHSA-2013:1062

RHSA-2013:1063

RHSA-2013_1049

RHSA-2013_1050

SUSE-SU-2013_1315-1

SUSE-SU-2013_1316-1

Affected Products

Centos

Php

Red Hat

Suse

PT-2013-4854 · Php+3 · Php+3

CVE-2013-4113

Weakness Enumeration

Related Identifiers

Affected Products

References · 178