Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-3735

Опубликовано: 23 мая 2013
Источник: redhat
CVSS2: 5

Описание

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.

Отчет

We do not consider memory safety hazards caused by malformed php scripts as a security issue. Also (as per upstream) OS-level security should be used to protect systems from memory exhaustion caused by php applications.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected

Показывать по

Дополнительная информация

https://bugzilla.redhat.com/show_bug.cgi?id=969996php: DoS (memory exhaustion, application crash) via crafted function definition

5 Medium

CVSS2

Связанные уязвимости

CVSS3: 7.5
ubuntu
около 12 лет назад

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.

CVSS3: 7.5
nvd
около 12 лет назад

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.

CVSS3: 7.5
debian
около 12 лет назад

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does n ...

CVSS3: 7.5
github
больше 3 лет назад

** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id."

CVSS3: 3.7
fstec
около 12 лет назад

Уязвимость компонента Zend Engine интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

5 Medium

CVSS2