Bug 1786567 (CVE-2019-11046)

Summary: CVE-2019-11046 php: OOB read in bc_shift_addsub
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: fedora, hhorak, jorton, rcollet, webstack-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-01-06 13:47:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1786568    
Bug Blocks: 1786580    

Description Dhananjay Arunesh 2019-12-26 09:39:28 UTC
A vulnerability was found in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

Reference:
https://bugs.php.net/bug.php?id=78878

Comment 1 Dhananjay Arunesh 2019-12-26 09:42:42 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1786568]

Comment 3 Marco Benatto 2020-01-06 13:47:17 UTC
Statement:

Any version of PHP as shipped with Red Hat Enterprise Linux are not affected. This flaw affected php running only on top of Windows Operating System, the bug itself is related to OS specific isdigit() function implementation.