FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-4113

This CVE name corresponds to:

Entered: 2013-07-16
Topic: PHP5 -- Heap corruption in XML parser

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2013-4113
Phase: Assigned (20130612)

Description

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

References

Source Reference
CONFIRM http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271
CONFIRM http://php.net/ChangeLog-5.php
CONFIRM http://php.net/archive/2013.php#id2013-07-11-1
CONFIRM https://bugs.php.net/bug.php?id=65236
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=983689
CONFIRM http://support.apple.com/kb/HT6150
DEBIAN DSA-2723
REDHAT RHSA-2013:1049
REDHAT RHSA-2013:1050
REDHAT RHSA-2013:1061
REDHAT RHSA-2013:1063
REDHAT RHSA-2013:1062
SUSE SUSE-SU-2013:1285
SUSE SUSE-SU-2013:1316
SUSE SUSE-SU-2013:1315
UBUNTU USN-1905-1
SECUNIA 54071
SECUNIA 54104
SECUNIA 54163
SECUNIA 54165