Vulnerability Name: | CVE-2013-2110 (CCN-84805) |
Assigned: | 2013-06-06 |
Published: | 2013-06-06 |
Updated: | 2016-12-31 |
Summary: | Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.
|
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): Low |
|
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): None Integrity (I): None Availibility (A): Partial | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2013-2110
Source: APPLE Type: UNKNOWN APPLE-SA-2013-09-12-1
Source: CCN Type: PHP Web Site PHP
Source: CCN Type: PHP News Archive - 2013 PHP 5.4.16 and PHP 5.3.26 released!
Source: CCN Type: SA53736 PHP "php_quot_print_encode()" Buffer Overflow Vulnerability
Source: CCN Type: Apple Web site About the security content of OS X Mountain Lion v10.8.5 and Security Update 2013-004
Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT5880
Source: CONFIRM Type: UNKNOWN http://www.php.net/ChangeLog-5.php
Source: BID Type: UNKNOWN 60411
Source: CCN Type: BID-60411 PHP CVE-2013-2110 Heap Based Buffer Overflow Vulnerability
Source: UBUNTU Type: UNKNOWN USN-1872-1
Source: CONFIRM Type: UNKNOWN https://bugs.php.net/bug.php?id=64879
Source: XF Type: UNKNOWN php-cve20132110-bo(84805)
Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-2110
|
Vulnerable Configuration: | Configuration 1: cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*OR cpe:/a:php:php:2.0:*:*:*:*:*:*:*OR cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.14:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.15:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.16:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.17:*:*:*:*:*:*:*OR cpe:/a:php:php:3.0.18:*:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*OR cpe:/a:php:php:4.4.9:-:*:*:*:*:*:*OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.12:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.13:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.14:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.15:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.16:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.17:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.3:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.4:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.5:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.6:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.7:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.8:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.9:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.10:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.11:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.12:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.13:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.14:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.15:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.16:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.17:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.18:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.19:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.20:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.21:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.22:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.23:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.24:-:*:*:*:*:*:*OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.3.25) Configuration 2: cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.1:*:*:*:*:*:*:*OR cpe:/a:php:php:5.4.2:*:*:*:*:*:*:*OR cpe:/a:php:php:5.4.3:*:*:*:*:*:*:*OR cpe:/a:php:php:5.4.4:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.5:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.6:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.7:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.8:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.9:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.10:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.11:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.12:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.13:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.14:-:*:*:*:*:*:*OR cpe:/a:php:php:5.4.15:-:*:*:*:*:*:* Configuration CCN 1: cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*OR cpe:/a:guriddo:form_php:5.3:*:*:*:*:*:*:*AND cpe:/o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.8:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |