CVE-2013-4113

PHP 5.3.0-5.3.26 - Out-of-bounds Write via xml_parse_into_struct

Description

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

References (20)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54071
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1061.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54165
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54104
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2723
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54163
Vendor Advisory x_refsource_confirm
https://bugs.php.net/bug.php?id=65236
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1905-1
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1062.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT6150
Vendor Advisory x_refsource_confirm
http://php.net/ChangeLog-5.php
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1050.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1049.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1063.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=983689
Vendor Advisory x_refsource_confirm
http://php.net/archive/2013.php#id2013-07-11-1

Scores

EPSS 0.1902
EPSS Percentile 95.4%

Details

CWE CWE-787
Status published
Products (1)
php/php 5.3.0 - 5.3.27
Published Jul 13, 2013
Tracked Since Feb 18, 2026