Unrated severityNVD Advisory· Published Jul 13, 2013· Updated Apr 29, 2026

CVE-2013-4113

Description

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: >=5.3.0,<5.3.27

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.htmlnvdMailing ListThird Party Advisory
php.net/ChangeLog-5.phpnvdVendor Advisory
php.net/archive/2013.phpnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-1049.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1050.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1061.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1062.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1063.htmlnvdThird Party Advisory
secunia.com/advisories/54071nvdThird Party Advisory
secunia.com/advisories/54104nvdThird Party Advisory
secunia.com/advisories/54163nvdThird Party Advisory
secunia.com/advisories/54165nvdThird Party Advisory
support.apple.com/kb/HT6150nvdThird Party Advisory
www.debian.org/security/2013/dsa-2723nvdThird Party Advisory
www.ubuntu.com/usn/USN-1905-1nvdThird Party Advisory
bugs.php.net/bug.phpnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdIssue Tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.015
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000