|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-06-23 | |
| Rule Name: | PHP Xml_parse_into_struct Heap Memory Corruption Vulnerability -1 (CVE-2013-4113) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. | |
| Impact: | An attacker can execute arbitrary code in the context of the vulnerable system. Failed exploit may cause denial-of-service attack. | |
| Affected OS: | Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS | |
| Reference: | http://git.php.net/?p=php-src.git a=commit h=7d163e8a0880ae8af2dd869071393e5dc07ef271 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://php.net/ChangeLog-5.php#5.3.27 http://php.net/archive/2013.php#id2013-07-11-1 |