Bug 1035670 (CVE-2013-6712)
| Summary: | CVE-2013-6712 php: heap-based buffer over-read in DateInterval | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Ratul Gupta <ratulg> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | aneelica, bgollahe, bleanhar, ccoleman, dmcphers, drieden, fedora, jdetiber, jialiu, jkurik, jorton, jrusnack, lmeyer, mmaslano, mmcgrath, nobody+bgollahe, pfrields, rcollet, rpm, webstack-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | php 5.4.24, php 5.5.8 | Doc Type: | Bug Fix |
| Doc Text: |
A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-10-31 09:07:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1067550, 1067553, 1114521, 1119563, 1120503, 1120504, 1149762 | ||
| Bug Blocks: | 1035675, 1065838, 1149858 | ||
|
Description
Ratul Gupta
2013-11-28 09:43:08 UTC
This issue affects PHP 5.3, 5.4, and 5.5. Fixed upstream in 5.4.24 and 5.5.8: http://www.php.net/ChangeLog-5.php#5.4.24 http://www.php.net/ChangeLog-5.php#5.5.8 This issue can cause PHP to over-read heap-based buffer when parsing specially-crafted interval specification using the DateInterval class. It may possibly lead to leak of portions of heap memory, or interpreter crash. This greatly depends on the contents of memory behind the buffer being over-read. Actual crash was only reproducible with special builds with address sanitizer. Statement: This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 7. Fedora php packages are already updated to 5.5.8 or later and are no longer affected by this issue. (In reply to Tomas Hoger from comment #6) > It may possibly lead to leak of portions of heap memory, or interpreter crash. I was wrong about information leak. There are check later in the code, that make php generate warning / exception if this error occurs, rather than creating DateInterval instance populated with leaked data. IssueDescription: A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2014:1012 https://rhn.redhat.com/errata/RHSA-2014-1012.html This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html |