Multiple vulnerabilities in PHP
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU42772
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2013-4635
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.4.15
CPE2.3- cpe:2.3:a:php_group:php:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:2.0b10:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.0.5:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
https://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
https://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html
https://secunia.com/advisories/54104
https://www.attrition.org/pipermail/vim/2013-June/002697.html
https://www.php.net/ChangeLog-5.php
https://www.securitytracker.com/id/1028699
https://www.ubuntu.com/usn/USN-1905-1
https://bugs.php.net/bug.php?id=64895
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU42773
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2013-4636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.4.0 - 5.4.15
CPE2.3 External linkshttps://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=64830
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU42774
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2013-2110
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16. A remote attacker can use a crafted argument to the quoted_printable_encode function. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPHP: 1.0 - 5.4.15
CPE2.3 External linkshttps://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
https://support.apple.com/kb/HT5880
https://www.php.net/ChangeLog-5.php
https://www.securityfocus.com/bid/60411
https://www.ubuntu.com/usn/USN-1872-1
https://bugs.php.net/bug.php?id=64879
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
