CVE-2013-4113

MEDIUM

Description

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

References

http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html

http://php.net/archive/2013.php#id2013-07-11-1

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2013-1049.html

http://rhn.redhat.com/errata/RHSA-2013-1050.html

http://rhn.redhat.com/errata/RHSA-2013-1061.html

http://rhn.redhat.com/errata/RHSA-2013-1062.html

http://rhn.redhat.com/errata/RHSA-2013-1063.html

http://secunia.com/advisories/54071

http://secunia.com/advisories/54104

http://secunia.com/advisories/54163

http://secunia.com/advisories/54165

http://support.apple.com/kb/HT6150

http://www.debian.org/security/2013/dsa-2723

http://www.ubuntu.com/usn/USN-1905-1

https://bugs.php.net/bug.php?id=65236

https://bugzilla.redhat.com/show_bug.cgi?id=983689

Details

Source: MITRE

Published: 2013-07-13

Updated: 2014-03-06

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.26 (inclusive)

Tenable Plugins

View all (41 total)

ID	Name	Product	Family	Severity
102079	Juniper Junos PHP multiple vulnerabilities (JSA10804)	Nessus	Junos Local Security Checks	high
83598	SUSE SLES11 Security Update : PHP5 (SUSE-SU-2013:1316-1)	Nessus	SuSE Local Security Checks	medium
83477	F5 Networks BIG-IP : PHP vulnerability (SOL15169)	Nessus	F5 Networks Local Security Checks	medium
80736	Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)	Nessus	Solaris Local Security Checks	critical
79288	RHEL 5 : php53 (RHSA-2013:1062)	Nessus	Red Hat Local Security Checks	medium
79287	RHEL 5 / 6 : php (RHSA-2013:1061)	Nessus	Red Hat Local Security Checks	medium
77455	GLSA-201408-11 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
75096	openSUSE Security Update : php5 (openSUSE-SU-2013:1244-1)	Nessus	SuSE Local Security Checks	high
8138	Mac OS X < 10.9.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
72688	Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)	Nessus	MacOS X Local Security Checks	critical
72687	Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
69770	Amazon Linux AMI : php54 (ALAS-2013-212)	Nessus	Amazon Linux Local Security Checks	medium
69769	Amazon Linux AMI : php (ALAS-2013-211)	Nessus	Amazon Linux Local Security Checks	medium
6999	PHP 5.5.x < 5.5.1 xml.c Buffer Overflow	Nessus Network Monitor	Web Servers	high
69401	PHP 5.4.x < 5.4.19 Multiple Vulnerabilities	Nessus	CGI abuses	medium
6996	PHP 5.4.x < 5.4.18 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
69348	PHP 5.5.x < 5.5.1 xml.c Buffer Overflow	Nessus	CGI abuses	high
69296	SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)	Nessus	SuSE Local Security Checks	high
69295	SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)	Nessus	SuSE Local Security Checks	high
69294	SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8086)	Nessus	SuSE Local Security Checks	high
69172	SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8647)	Nessus	SuSE Local Security Checks	high
69009	Oracle Linux 4 : php (ELSA-2013-1063)	Nessus	Oracle Linux Local Security Checks	medium
69001	Fedora 17 : php-5.4.17-2.fc17 (2013-12354)	Nessus	Fedora Local Security Checks	medium
69000	Fedora 18 : php-5.4.17-2.fc18 (2013-12315)	Nessus	Fedora Local Security Checks	medium
68973	Fedora 19 : php-5.5.0-2.fc19 (2013-12977)	Nessus	Fedora Local Security Checks	medium
68942	Debian DSA-2723-1 : php5 - heap corruption	Nessus	Debian Local Security Checks	medium
68923	Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : php5 vulnerabilities (USN-1905-1)	Nessus	Ubuntu Local Security Checks	medium
68917	FreeBSD : PHP5 -- Heap corruption in XML parser (31b145f2-d9d3-49a9-8023-11cf742205dc)	Nessus	FreeBSD Local Security Checks	medium
68916	Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : php (SSA:2013-197-01)	Nessus	Slackware Local Security Checks	medium
801404	PHP 5.3.x < 5.3.27 Information Disclosure	Log Correlation Engine	Web Servers	medium
6928	PHP 5.3.x < 5.3.27 Information Disclosure	Nessus Network Monitor	Web Servers	medium
68868	Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
68867	Scientific Linux Security Update : php53 on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
68866	RHEL 5 : php53 (RHSA-2013:1050)	Nessus	Red Hat Local Security Checks	medium
68865	RHEL 5 / 6 : php (RHSA-2013:1049)	Nessus	Red Hat Local Security Checks	medium
68864	Oracle Linux 5 : php53 (ELSA-2013-1050)	Nessus	Oracle Linux Local Security Checks	medium
68863	Oracle Linux 5 / 6 : php (ELSA-2013-1049)	Nessus	Oracle Linux Local Security Checks	medium
68862	Mandriva Linux Security Advisory : php (MDVSA-2013:195)	Nessus	Mandriva Local Security Checks	medium
68859	CentOS 5 : php53 (CESA-2013:1050)	Nessus	CentOS Local Security Checks	medium
68858	CentOS 5 / 6 : php (CESA-2013:1049)	Nessus	CentOS Local Security Checks	medium
67259	PHP 5.3.x < 5.3.27 Multiple Vulnerabilities	Nessus	CGI abuses	medium