CVE-2013-4113 — MEDIUM (6.8)

Q: How severe is CVE-2013-4113?

CVE-2013-4113 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4113?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.

Vulnerability Description

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php	Php	>= 5.3.0, < 5.3.27

Related Weaknesses (CWE)

CWE-787

References

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=7d163e8a0880ae8af2dd869071393e5
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.htmlMailing ListThird Party Advisory
http://php.net/ChangeLog-5.phpVendor Advisory
http://php.net/archive/2013.php#id2013-07-11-1Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1049.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1050.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1061.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1062.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1063.htmlThird Party Advisory
http://secunia.com/advisories/54071Third Party Advisory
http://secunia.com/advisories/54104Third Party Advisory
http://secunia.com/advisories/54163Third Party Advisory
http://secunia.com/advisories/54165Third Party Advisory

FAQ

What is CVE-2013-4113?

CVE-2013-4113 is a vulnerability with a CVSS score of 6.8 (MEDIUM). ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impa...

How severe is CVE-2013-4113?

CVE-2013-4113 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4113?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.