CVE-2013-2110

MEDIUM

Description

Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.

References

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://support.apple.com/kb/HT5880

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/60411

http://www.ubuntu.com/usn/USN-1872-1

https://bugs.php.net/bug.php?id=64879

Details

Source: MITRE

Published: 2013-06-21

Updated: 2016-12-31

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.25 (inclusive)

Configuration 2

OR

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*

Tenable Plugins

View all (14 total)

ID	Name	Product	Family	Severity
80736	Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)	Nessus	Solaris Local Security Checks	critical
79644	F5 Networks BIG-IP : PHP vulnerability (SOL15876)	Nessus	F5 Networks Local Security Checks	medium
77455	GLSA-201408-11 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
8008	Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004)	Nessus Network Monitor	Web Clients	critical
69878	Mac OS X Multiple Vulnerabilities (Security Update 2013-004)	Nessus	MacOS X Local Security Checks	critical
69877	Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
69764	Amazon Linux AMI : php54 (ALAS-2013-206)	Nessus	Amazon Linux Local Security Checks	medium
69763	Amazon Linux AMI : php (ALAS-2013-205)	Nessus	Amazon Linux Local Security Checks	medium
66877	Ubuntu 13.04 : php5 vulnerability (USN-1872-1)	Nessus	Ubuntu Local Security Checks	medium
66850	Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : php (SSA:2013-161-01)	Nessus	Slackware Local Security Checks	medium
66845	FreeBSD : php5 -- Heap based buffer overflow in quoted_printable_encode (59e7163c-cf84-11e2-907b-0025905a4770)	Nessus	FreeBSD Local Security Checks	medium
66843	PHP 5.4.x < 5.4.16 Multiple Vulnerabilities	Nessus	CGI abuses	medium
66842	PHP 5.3.x < 5.3.26 Multiple Vulnerabilities	Nessus	CGI abuses	medium
6866	PHP < 5.3.26 / 5.4.x < 5.4.16 Heap Based Buffer Overflow	Nessus Network Monitor	Web Servers	medium