6.8

CVE-2013-4113

EPSS 19.02%
Published 13.07.2013 13:10:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 23

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version >= 5.3.0 < 5.3.27

Php ≫ Php Version >= 5.4.0 < 5.4.18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	19.02%	0.951

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://support.apple.com/kb/HT6150

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/54104

Third Party Advisory

http://www.ubuntu.com/usn/USN-1905-1

Third Party Advisory

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=7d163e8a0880ae8af2dd869071393e5dc07ef271

http://php.net/ChangeLog-5.php

Vendor Advisory

http://php.net/archive/2013.php#id2013-07-11-1

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1049.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1050.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1061.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1062.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1063.html

Third Party Advisory

http://secunia.com/advisories/54071

Third Party Advisory

http://secunia.com/advisories/54163

Third Party Advisory

http://secunia.com/advisories/54165

Third Party Advisory

http://www.debian.org/security/2013/dsa-2723

Third Party Advisory

https://bugs.php.net/bug.php?id=65236

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=983689

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2013-4113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4113

EUVD