Vulnerability CVE-2013-2110 - CERT Civis.Net

Vulnerability Name:

CVE-2013-2110 (CCN-84805)

Assigned:

2013-06-06

Published:

2013-06-06

Updated:

2016-12-31

Summary:

Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-2110

Source: APPLE
Type: UNKNOWN
APPLE-SA-2013-09-12-1

Source: CCN
Type: PHP Web Site
PHP

Source: CCN
Type: PHP News Archive - 2013
PHP 5.4.16 and PHP 5.3.26 released!

Source: CCN
Type: SA53736
PHP "php_quot_print_encode()" Buffer Overflow Vulnerability

Source: CCN
Type: Apple Web site
About the security content of OS X Mountain Lion v10.8.5 and Security Update 2013-004

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT5880

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/ChangeLog-5.php

Source: BID
Type: UNKNOWN
60411

Source: CCN
Type: BID-60411
PHP CVE-2013-2110 Heap Based Buffer Overflow Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1872-1

Source: CONFIRM
Type: UNKNOWN
https://bugs.php.net/bug.php?id=64879

Source: XF
Type: UNKNOWN
php-cve20132110-bo(84805)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-2110

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.14:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.15:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.16:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.17:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.18:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.13:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.14:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.15:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.16:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.17:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.5:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.10:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.12:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.13:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.14:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.15:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.16:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.17:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.18:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.19:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.20:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.21:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.22:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.23:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.24:-:*:*:*:*:*:*

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.3.25)

Configuration 2:

cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.13:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.14:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.15:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*

OR cpe:/a:guriddo:form_php:5.3:*:*:*:*:*:*:*

AND

cpe:/o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:16819	P	USN-1872-1 -- PHP vulnerability	2014-06-30
oval:com.ubuntu.precise:def:20132110000	V	CVE-2013-2110 on Ubuntu 12.04 LTS (precise) - medium.	2013-06-21