CVE-2013-4113

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

References

http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html

http://php.net/archive/2013.php#id2013-07-11-1

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2013-1049.html

http://rhn.redhat.com/errata/RHSA-2013-1050.html

http://rhn.redhat.com/errata/RHSA-2013-1061.html

http://rhn.redhat.com/errata/RHSA-2013-1062.html

http://rhn.redhat.com/errata/RHSA-2013-1063.html

http://secunia.com/advisories/54071

http://secunia.com/advisories/54104

http://secunia.com/advisories/54163

http://secunia.com/advisories/54165

http://support.apple.com/kb/HT6150

http://www.debian.org/security/2013/dsa-2723

http://www.ubuntu.com/usn/USN-1905-1

https://bugs.php.net/bug.php?id=65236

https://bugzilla.redhat.com/show_bug.cgi?id=983689

Details

Source: MITRE

Published: 2013-07-13

Updated: 2014-03-06

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.26 (inclusive)

Tenable Plugins

View all (41 total)

IDNameProductFamilySeverity
102079Juniper Junos PHP multiple vulnerabilities (JSA10804)NessusJunos Local Security Checks
high
83598SUSE SLES11 Security Update : PHP5 (SUSE-SU-2013:1316-1)NessusSuSE Local Security Checks
medium
83477F5 Networks BIG-IP : PHP vulnerability (SOL15169)NessusF5 Networks Local Security Checks
medium
80736Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)NessusSolaris Local Security Checks
critical
79288RHEL 5 : php53 (RHSA-2013:1062)NessusRed Hat Local Security Checks
medium
79287RHEL 5 / 6 : php (RHSA-2013:1061)NessusRed Hat Local Security Checks
medium
77455GLSA-201408-11 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
75096openSUSE Security Update : php5 (openSUSE-SU-2013:1244-1)NessusSuSE Local Security Checks
high
8138Mac OS X < 10.9.2 Multiple Vulnerabilities Nessus Network MonitorWeb Clients
critical
72688Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)NessusMacOS X Local Security Checks
critical
72687Mac OS X 10.9.x < 10.9.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
69770Amazon Linux AMI : php54 (ALAS-2013-212)NessusAmazon Linux Local Security Checks
medium
69769Amazon Linux AMI : php (ALAS-2013-211)NessusAmazon Linux Local Security Checks
medium
6999PHP 5.5.x < 5.5.1 xml.c Buffer OverflowNessus Network MonitorWeb Servers
high
6996PHP 5.4.x < 5.4.18 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
69401PHP 5.4.x < 5.4.19 Multiple VulnerabilitiesNessusCGI abuses
high
69348PHP 5.5.x < 5.5.1 xml.c Buffer OverflowNessusCGI abuses
medium
69296SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)NessusSuSE Local Security Checks
high
69295SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)NessusSuSE Local Security Checks
high
69294SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8086)NessusSuSE Local Security Checks
high
69172SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8647)NessusSuSE Local Security Checks
high
69009Oracle Linux 4 : php (ELSA-2013-1063)NessusOracle Linux Local Security Checks
medium
69001Fedora 17 : php-5.4.17-2.fc17 (2013-12354)NessusFedora Local Security Checks
medium
69000Fedora 18 : php-5.4.17-2.fc18 (2013-12315)NessusFedora Local Security Checks
medium
68973Fedora 19 : php-5.5.0-2.fc19 (2013-12977)NessusFedora Local Security Checks
medium
68942Debian DSA-2723-1 : php5 - heap corruptionNessusDebian Local Security Checks
medium
68923Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : php5 vulnerabilities (USN-1905-1)NessusUbuntu Local Security Checks
medium
68917FreeBSD : PHP5 -- Heap corruption in XML parser (31b145f2-d9d3-49a9-8023-11cf742205dc)NessusFreeBSD Local Security Checks
medium
68916Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : php (SSA:2013-197-01)NessusSlackware Local Security Checks
medium
801404PHP 5.3.x < 5.3.27 Information DisclosureLog Correlation EngineWeb Servers
medium
6928PHP 5.3.x < 5.3.27 Information DisclosureNessus Network MonitorWeb Servers
low
68868Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64 (20130712)NessusScientific Linux Local Security Checks
medium
68867Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130712)NessusScientific Linux Local Security Checks
medium
68866RHEL 5 : php53 (RHSA-2013:1050)NessusRed Hat Local Security Checks
medium
68865RHEL 5 / 6 : php (RHSA-2013:1049)NessusRed Hat Local Security Checks
medium
68864Oracle Linux 5 : php53 (ELSA-2013-1050)NessusOracle Linux Local Security Checks
medium
68863Oracle Linux 5 / 6 : php (ELSA-2013-1049)NessusOracle Linux Local Security Checks
medium
68862Mandriva Linux Security Advisory : php (MDVSA-2013:195)NessusMandriva Local Security Checks
medium
68859CentOS 5 : php53 (CESA-2013:1050)NessusCentOS Local Security Checks
medium
68858CentOS 5 / 6 : php (CESA-2013:1049)NessusCentOS Local Security Checks
medium
67259PHP 5.3.x < 5.3.27 Multiple VulnerabilitiesNessusCGI abuses
medium