CVE-2013-4113
7.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.614 Medium
EPSS
Percentile
97.8%
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
References
git.php.net/?p=php-src.git%3Ba=commit%3Bh=7d163e8a0880ae8af2dd869071393e5dc07ef271
lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html
php.net/archive/2013.php#id2013-07-11-1
php.net/ChangeLog-5.php
rhn.redhat.com/errata/RHSA-2013-1049.html
rhn.redhat.com/errata/RHSA-2013-1050.html
rhn.redhat.com/errata/RHSA-2013-1061.html
rhn.redhat.com/errata/RHSA-2013-1062.html
rhn.redhat.com/errata/RHSA-2013-1063.html
secunia.com/advisories/54071
secunia.com/advisories/54104
secunia.com/advisories/54163
secunia.com/advisories/54165
support.apple.com/kb/HT6150
www.debian.org/security/2013/dsa-2723
www.ubuntu.com/usn/USN-1905-1
bugs.php.net/bug.php?id=65236
bugzilla.redhat.com/show_bug.cgi?id=983689
Social References
More
Related
7.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.614 Medium
EPSS
Percentile
97.8%