ID CVE-2013-2110
Summary Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.
References
Vulnerable Configurations
  • PHP 5.3.20 -
    cpe:2.3:a:php:php:5.3.20
  • PHP 5.3.19 -
    cpe:2.3:a:php:php:5.3.19
  • PHP 5.3.18 -
    cpe:2.3:a:php:php:5.3.18
  • PHP 5.3.17
    cpe:2.3:a:php:php:5.3.17
  • PHP 5.3.16
    cpe:2.3:a:php:php:5.3.16
  • PHP 5.3.15 -
    cpe:2.3:a:php:php:5.3.15
  • PHP 5.3.14 -
    cpe:2.3:a:php:php:5.3.14
  • PHP 5.3.12
    cpe:2.3:a:php:php:5.3.12
  • PHP 5.3.8
    cpe:2.3:a:php:php:5.3.8
  • PHP 5.3.11 -
    cpe:2.3:a:php:php:5.3.11
  • PHP 5.3.4 -
    cpe:2.3:a:php:php:5.3.4
  • PHP 5.3.3 -
    cpe:2.3:a:php:php:5.3.3
  • PHP 5.3.0
    cpe:2.3:a:php:php:5.3.0
  • PHP 5.3.1 -
    cpe:2.3:a:php:php:5.3.1
  • PHP 5.3.7 -
    cpe:2.3:a:php:php:5.3.7
  • PHP 5.3.6
    cpe:2.3:a:php:php:5.3.6
  • PHP 5.3.5
    cpe:2.3:a:php:php:5.3.5
  • PHP 5.3.9 -
    cpe:2.3:a:php:php:5.3.9
  • PHP 5.3.13
    cpe:2.3:a:php:php:5.3.13
  • PHP 5.3.2 -
    cpe:2.3:a:php:php:5.3.2
  • PHP 5.3.10
    cpe:2.3:a:php:php:5.3.10
  • PHP 5.2.15 -
    cpe:2.3:a:php:php:5.2.15
  • PHP 5.2.9 -
    cpe:2.3:a:php:php:5.2.9
  • PHP 5.2.16
    cpe:2.3:a:php:php:5.2.16
  • PHP 5.2.12 -
    cpe:2.3:a:php:php:5.2.12
  • PHP 5.2.10 -
    cpe:2.3:a:php:php:5.2.10
  • PHP 5.2.13 -
    cpe:2.3:a:php:php:5.2.13
  • PHP 5.2.5 -
    cpe:2.3:a:php:php:5.2.5
  • PHP 5.2.11 -
    cpe:2.3:a:php:php:5.2.11
  • PHP 5.2.7 -
    cpe:2.3:a:php:php:5.2.7
  • PHP 5.2.0
    cpe:2.3:a:php:php:5.2.0
  • PHP 5.2.8
    cpe:2.3:a:php:php:5.2.8
  • PHP 5.2.6 -
    cpe:2.3:a:php:php:5.2.6
  • PHP 5.2.4 -
    cpe:2.3:a:php:php:5.2.4
  • PHP 5.2.3 -
    cpe:2.3:a:php:php:5.2.3
  • PHP 5.2.14 -
    cpe:2.3:a:php:php:5.2.14
  • PHP 5.2.1 -
    cpe:2.3:a:php:php:5.2.1
  • PHP 5.2.2 -
    cpe:2.3:a:php:php:5.2.2
  • PHP 5.2.17
    cpe:2.3:a:php:php:5.2.17
  • PHP PHP 5.1.3
    cpe:2.3:a:php:php:5.1.3
  • PHP 5.1.2 -
    cpe:2.3:a:php:php:5.1.2
  • PHP PHP 5.1.1
    cpe:2.3:a:php:php:5.1.1
  • PHP 5.1.0 -
    cpe:2.3:a:php:php:5.1.0
  • PHP PHP 5.1.6
    cpe:2.3:a:php:php:5.1.6
  • PHP 5.1.4
    cpe:2.3:a:php:php:5.1.4
  • PHP 5.1.5 -
    cpe:2.3:a:php:php:5.1.5
  • PHP 5.0.5 -
    cpe:2.3:a:php:php:5.0.5
  • PHP 5.0.4 -
    cpe:2.3:a:php:php:5.0.4
  • PHP 5.0.3 -
    cpe:2.3:a:php:php:5.0.3
  • PHP PHP 5.0.0 RC1
    cpe:2.3:a:php:php:5.0.0:rc1
  • PHP PHP 5.0.0 Beta4
    cpe:2.3:a:php:php:5.0.0:beta4
  • PHP PHP 5.0.0 Beta3
    cpe:2.3:a:php:php:5.0.0:beta3
  • PHP PHP 5.0.0 Beta2
    cpe:2.3:a:php:php:5.0.0:beta2
  • PHP 5.0.2 -
    cpe:2.3:a:php:php:5.0.2
  • PHP 5.0.1 -
    cpe:2.3:a:php:php:5.0.1
  • PHP PHP 5.0.0 RC3
    cpe:2.3:a:php:php:5.0.0:rc3
  • PHP PHP 5.0.0 RC2
    cpe:2.3:a:php:php:5.0.0:rc2
  • PHP 5.0.0 -
    cpe:2.3:a:php:php:5.0.0
  • PHP PHP 5.0.0 Beta1
    cpe:2.3:a:php:php:5.0.0:beta1
  • PHP 4.3.10 -
    cpe:2.3:a:php:php:4.3.10
  • PHP PHP 4.3.1
    cpe:2.3:a:php:php:4.3.1
  • PHP 4.3.2 -
    cpe:2.3:a:php:php:4.3.2
  • PHP 4.3.11 -
    cpe:2.3:a:php:php:4.3.11
  • PHP 4.3.4 -
    cpe:2.3:a:php:php:4.3.4
  • PHP 4.3.3 -
    cpe:2.3:a:php:php:4.3.3
  • PHP 4.3.6 -
    cpe:2.3:a:php:php:4.3.6
  • PHP 4.3.5 -
    cpe:2.3:a:php:php:4.3.5
  • PHP 4.2.1 -
    cpe:2.3:a:php:php:4.2.1
  • PHP 4.4.8 -
    cpe:2.3:a:php:php:4.4.8
  • PHP 4.2.0 -
    cpe:2.3:a:php:php:4.2.0
  • PHP 4.4.9 -
    cpe:2.3:a:php:php:4.4.9
  • PHP 4.2.3 -
    cpe:2.3:a:php:php:4.2.3
  • PHP PHP 4.2.2
    cpe:2.3:a:php:php:4.2.2
  • PHP 4.4.5 -
    cpe:2.3:a:php:php:4.4.5
  • PHP 4.4.6 -
    cpe:2.3:a:php:php:4.4.6
  • PHP 4.4.7 -
    cpe:2.3:a:php:php:4.4.7
  • PHP 4.3.0 -
    cpe:2.3:a:php:php:4.3.0
  • PHP 4.3.7 -
    cpe:2.3:a:php:php:4.3.7
  • PHP PHP 4.3.8
    cpe:2.3:a:php:php:4.3.8
  • PHP PHP 4.3.9
    cpe:2.3:a:php:php:4.3.9
  • PHP 4.4.0 -
    cpe:2.3:a:php:php:4.4.0
  • PHP 4.4.1 -
    cpe:2.3:a:php:php:4.4.1
  • PHP 4.4.2 -
    cpe:2.3:a:php:php:4.4.2
  • PHP 4.4.3 -
    cpe:2.3:a:php:php:4.4.3
  • PHP 4.4.4 -
    cpe:2.3:a:php:php:4.4.4
  • PHP PHP 4.0 Beta 1
    cpe:2.3:a:php:php:4.0:beta1
  • PHP PHP 4.0 Beta 2
    cpe:2.3:a:php:php:4.0:beta2
  • PHP 4.0.1 -
    cpe:2.3:a:php:php:4.0.1
  • PHP PHP 4.0.0
    cpe:2.3:a:php:php:4.0.0
  • PHP PHP 4.0 Beta 4 Patch Level 1
    cpe:2.3:a:php:php:4.0:beta_4_patch1
  • PHP PHP 4.0 Beta 3
    cpe:2.3:a:php:php:4.0:beta3
  • PHP PHP 4.0 Beta 4
    cpe:2.3:a:php:php:4.0:beta4
  • PHP 4.0.6 -
    cpe:2.3:a:php:php:4.0.6
  • PHP 4.0.5 -
    cpe:2.3:a:php:php:4.0.5
  • PHP 4.0.4 -
    cpe:2.3:a:php:php:4.0.4
  • PHP PHP 4.0.3
    cpe:2.3:a:php:php:4.0.3
  • PHP PHP 4.0.2
    cpe:2.3:a:php:php:4.0.2
  • PHP PHP 4.1.2
    cpe:2.3:a:php:php:4.1.2
  • PHP PHP 4.1.1
    cpe:2.3:a:php:php:4.1.1
  • PHP 4.1.0 -
    cpe:2.3:a:php:php:4.1.0
  • PHP 4.0.7 -
    cpe:2.3:a:php:php:4.0.7
  • PHP PHP 3.0.11
    cpe:2.3:a:php:php:3.0.11
  • PHP PHP 3.0.10
    cpe:2.3:a:php:php:3.0.10
  • PHP PHP 3.0.13
    cpe:2.3:a:php:php:3.0.13
  • PHP PHP 3.0.12
    cpe:2.3:a:php:php:3.0.12
  • PHP PHP 3.0.1
    cpe:2.3:a:php:php:3.0.1
  • PHP PHP 3.0
    cpe:2.3:a:php:php:3.0
  • PHP PHP 3.0.2
    cpe:2.3:a:php:php:3.0.2
  • PHP PHP 3.0.18
    cpe:2.3:a:php:php:3.0.18
  • PHP PHP 3.0.4
    cpe:2.3:a:php:php:3.0.4
  • PHP PHP 3.0.3
    cpe:2.3:a:php:php:3.0.3
  • PHP PHP 3.0.15
    cpe:2.3:a:php:php:3.0.15
  • PHP PHP 3.0.14
    cpe:2.3:a:php:php:3.0.14
  • PHP PHP 3.0.17
    cpe:2.3:a:php:php:3.0.17
  • PHP PHP 3.0.16
    cpe:2.3:a:php:php:3.0.16
  • PHP PHP 3.0.9
    cpe:2.3:a:php:php:3.0.9
  • PHP PHP 3.0.7
    cpe:2.3:a:php:php:3.0.7
  • PHP PHP 3.0.8
    cpe:2.3:a:php:php:3.0.8
  • PHP PHP 3.0.5
    cpe:2.3:a:php:php:3.0.5
  • PHP PHP 3.0.6
    cpe:2.3:a:php:php:3.0.6
  • PHP PHP_FI 2.0b10
    cpe:2.3:a:php:php:2.0b10
  • PHP PHP_FI 2.0
    cpe:2.3:a:php:php:2.0
  • PHP PHP_FI 1.0
    cpe:2.3:a:php:php:1.0
  • PHP 5.3.21 -
    cpe:2.3:a:php:php:5.3.21
  • PHP 5.3.22 -
    cpe:2.3:a:php:php:5.3.22
  • PHP 5.3.23 -
    cpe:2.3:a:php:php:5.3.23
  • PHP 5.3.24 -
    cpe:2.3:a:php:php:5.3.24
  • PHP 5.3.25 -
    cpe:2.3:a:php:php:5.3.25
  • PHP 5.4.4 -
    cpe:2.3:a:php:php:5.4.4
  • PHP 5.4.3
    cpe:2.3:a:php:php:5.4.3
  • PHP 5.4.0 -
    cpe:2.3:a:php:php:5.4.0
  • PHP 5.4.1
    cpe:2.3:a:php:php:5.4.1
  • PHP 5.4.2
    cpe:2.3:a:php:php:5.4.2
  • PHP 5.4.11 -
    cpe:2.3:a:php:php:5.4.11
  • PHP 5.4.10 -
    cpe:2.3:a:php:php:5.4.10
  • PHP 5.4.9 -
    cpe:2.3:a:php:php:5.4.9
  • PHP 5.4.8 -
    cpe:2.3:a:php:php:5.4.8
  • PHP 5.4.7 -
    cpe:2.3:a:php:php:5.4.7
  • PHP 5.4.6 -
    cpe:2.3:a:php:php:5.4.6
  • PHP 5.4.5 -
    cpe:2.3:a:php:php:5.4.5
  • PHP 5.4.12 -
    cpe:2.3:a:php:php:5.4.12
  • PHP 5.4.13 -
    cpe:2.3:a:php:php:5.4.13
  • PHP 5.4.14 -
    cpe:2.3:a:php:php:5.4.14
  • PHP 5.4.15 -
    cpe:2.3:a:php:php:5.4.15
CVSS
Base: 5.0 (as of 24-06-2013 - 17:35)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-205.NASL
    description Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69763
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69763
    title Amazon Linux AMI : php (ALAS-2013-205)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15876.NASL
    description Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 79644
    published 2014-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79644
    title F5 Networks BIG-IP : PHP vulnerability (SOL15876)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201408-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201408-11 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77455
    published 2014-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77455
    title GLSA-201408-11 : PHP: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_59E7163CCF8411E2907B0025905A4770.NASL
    description The PHP development team reports : A Heap-based buffer overflow flaw was found in the php quoted_printable_encode() function. A remote attacker could use this flaw to cause php to crash or execute arbitrary code with the permission of the user running php
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66845
    published 2013-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66845
    title FreeBSD : php5 -- Heap based buffer overflow in quoted_printable_encode (59e7163c-cf84-11e2-907b-0025905a4770)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-161-01.NASL
    description New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2014-04-03
    plugin id 66850
    published 2013-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66850
    title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : php (SSA:2013-161-01)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2013-004.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 69878
    published 2013-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69878
    title Mac OS X Multiple Vulnerabilities (Security Update 2013-004)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1872-1.NASL
    description It was discovered that PHP incorrectly handled the quoted_printable_encode function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 66877
    published 2013-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66877
    title Ubuntu 13.04 : php5 vulnerability (USN-1872-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-206.NASL
    description Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69764
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69764
    title Amazon Linux AMI : php54 (ALAS-2013-206)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_8_5.NASL
    description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 69877
    published 2013-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69877
    title Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_PHP_20140401.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (CVE-2011-4718) - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an 'overflow.' (CVE-2012-2688) - The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. (CVE-2012-3365) - ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. (CVE-2013-1635) - The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. (CVE-2013-1643) - Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. (CVE-2013-2110) - ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. (CVE-2013-4113) - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2013-4248) - Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. (CVE-2013-4635) - The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. (CVE-2013-4636)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80736
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80736
    title Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)
  • NASL family CGI abuses
    NASL id PHP_5_3_26.NASL
    description According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.26. It is, therefore, potentially affected by the following vulnerabilities: - An error exists in the function 'php_quot_print_encode' in the file 'ext/standard/quot_print.c' that could allow a heap-based buffer overflow when attempting to parse certain strings (Bug #64879) - An integer overflow error exists related to the value of 'JEWISH_SDN_MAX' in the file 'ext/calendar/jewish.c' that could allow denial of service attacks. (Bug #64895) Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-reported version number.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 66842
    published 2013-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66842
    title PHP 5.3.x < 5.3.26 Multiple Vulnerabilities
  • NASL family CGI abuses
    NASL id PHP_5_4_16.NASL
    description According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.16. It is, therefore, potentially affected by the following vulnerabilities: - An error exists in the mimetype detection of 'mp3' files that could lead to a denial of service. (Bug #64830) - An error exists in the function 'php_quot_print_encode' in the file 'ext/standard/quot_print.c' that could allow a heap-based buffer overflow when attempting to parse certain strings. (Bug #64879) - An integer overflow error exists related to the value of 'JEWISH_SDN_MAX' in the file 'ext/calendar/jewish.c' that could allow denial of service attacks. (Bug #64895) Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 66843
    published 2013-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66843
    title PHP 5.4.x < 5.4.16 Multiple Vulnerabilities
refmap via4
apple APPLE-SA-2013-09-12-1
bid 60411
confirm
ubuntu USN-1872-1
Last major update 30-12-2016 - 21:59
Published 21-06-2013 - 16:55