Bug 646684 (CVE-2010-3710)
Summary: | CVE-2010-3710 php: DoS in filter_var() via long email string | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | fedora, jorton, rpm |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-02-04 09:06:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 646688, 651953, 670463, 670464 | ||
Bug Blocks: |
Description
Vincent Danen
2010-10-25 22:05:53 UTC
Upstream fix is here: http://svn.php.net/viewvc/?view=revision&revision=303779 filter_var() was introduced in PHP 5.2.0 so this does not affect versions of PHP prior to that. Created php tracking bugs for this issue Affects: fedora-all [bug 646688] This was corrected in upstream 5.3.4. What happens here is stack overflow caused by deep recursion in the PCRE regular expression engine, when long input is compared to a "valid email address" regular expression. This regular expression was changed in between PHP versions 5.3.2 and 5.3.3: http://svn.php.net/viewvc?view=revision&revision=297350 http://bugs.php.net/49576 This issue does not occur with the previously used regular expression. Hence only php53 packages introduced in Red Hat Enterprise Linux 5.6 were affected. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0196 https://rhn.redhat.com/errata/RHSA-2011-0196.html Statement: This issue did not affect the version of php packages as shipped with Red Hat Enterprise Linux 4, 5 or 6. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5. |