ext/xml/xml.c in PHP before 5.3.27 does not properly...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Jul 13, 2013
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Jan 28, 2023
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
References