Bug 1297720
Summary: | php: Use-after-free in WDDX Packet Deserialization | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | abhgupta, carnil, cbuissar, dmcphers, fedora, jialiu, jokerman, jorton, kseifried, lmeyer, mmaslano, mmccomas, rcollet, tiwillia, webstack-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | php 5.5.31, php 5.6.17 | Doc Type: | Bug Fix |
Doc Text: | A use-after-free flaw was found in the php_wddx_pop_element() function of PHP's WDDX extension. Unserializing specially crafted input could cause a PHP application to crash or, possibly, execute arbitrary code. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2016-02-03 13:02:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1297722 | | |
Bug Blocks: | 1297732 | | |
Description
Adam Mariš
2016-01-12 10:17:14 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1297722]

php-5.6.17-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

php-5.6.17-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Lowering the impact down to moderate based on the following:

* WDDX packet deserialization should not be used with untrusted source: http://php.net/manual/en/function.wddx-deserialize.php#refsect1-function.wddx-deserialize-returnvalues