what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

CVE-2013-4113

Status Candidate

Overview

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

Related Files

Gentoo Linux Security Advisory 201408-11
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120
MD5 | 9fc05cd1682ef7aee444653346de8eae
Apple Security Advisory 2014-02-25-1
Posted Feb 26, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-25-1 - OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vulnerability.

tags | advisory
systems | apple, osx
advisories | CVE-2011-3389, CVE-2013-1862, CVE-2013-1896, CVE-2013-4073, CVE-2013-4113, CVE-2013-4248, CVE-2013-5139, CVE-2013-5178, CVE-2013-5179, CVE-2013-5986, CVE-2013-5987, CVE-2013-6420, CVE-2013-6629, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1252, CVE-2014-1254, CVE-2014-1255, CVE-2014-1256, CVE-2014-1257, CVE-2014-1258, CVE-2014-1259, CVE-2014-1260, CVE-2014-1261
MD5 | 77202653b9ef1fb712388ec7bd192749
Debian Security Advisory 2723-1
Posted Jul 17, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2723-1 - It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.

tags | advisory, arbitrary, php, code execution
systems | linux, debian
advisories | CVE-2013-4113
MD5 | f1a3cbc47939b9fe8b5c22cf6225d053
Slackware Security Advisory - php Updates
Posted Jul 17, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4113.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-4113
MD5 | 3623943ea2d014bc4d6c9f7cb329339a
Ubuntu Security Notice USN-1905-1
Posted Jul 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1905-1 - It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. It was discovered that PHP incorrectly handled the jdtojewish function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2013-4113, CVE-2013-4635, CVE-2013-4113, CVE-2013-4635
MD5 | a92ccf7874294760341b5098e3005840
Red Hat Security Advisory 2013-1063-01
Posted Jul 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1063-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
MD5 | bac0d814f7de929e6aae49a608b933c9
Red Hat Security Advisory 2013-1062-01
Posted Jul 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1062-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
MD5 | de7bf8577694245b31d5e4bd00f229ef
Red Hat Security Advisory 2013-1061-01
Posted Jul 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1061-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
MD5 | c8cbb257d245cacf208273bbb18e375a
Mandriva Linux Security Advisory 2013-195
Posted Jul 15, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-195 - A heap corruption vulnerability has been discovered and corrected in PHP.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2013-4113
MD5 | 1ad398ec7927778e9f0611d8bfaef0ca
Red Hat Security Advisory 2013-1049-01
Posted Jul 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1049-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
MD5 | 2e12efd32b200feabaa1fea41d14605a
Red Hat Security Advisory 2013-1050-01
Posted Jul 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1050-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-4113
MD5 | d202b5b9bc82fdaa1ae63e4ccea15d51
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close