{"uuid": "bc93d54c-9a6c-4624-9e0b-3773a8304222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2013-3735", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2042", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2013-3735\n\ud83d\udd39 Description: The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment.  NOTE: the vendor's http://php.net/security-note.php page says \"for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.\n\ud83d\udccf Published: 2013-05-31T21:00:00Z\n\ud83d\udccf Modified: 2025-01-16T20:30:29.631Z\n\ud83d\udd17 References:\n1. https://github.com/php/php-src/commit/fb58e69a84f4fde603a630d2c9df2fa3be16d846\n2. https://github.com/php/php-src/blob/php-5.5.0RC2/NEWS\n3. https://github.com/php/php-src/blob/php-5.4.16RC1/NEWS\n4. https://bugs.php.net/bug.php?id=64660", "creation_timestamp": "2025-01-16T20:55:59.000000Z"}