CVE-2013-4113
Public on 2013-07-12
Modified on 2014-09-15
Description
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
Severity
Critical
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | php | 2013-07-12 | ALAS-2013-211 | Fixed |
| Amazon Linux 1 | php54 | 2013-07-12 | ALAS-2013-212 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |