A vulnerability was found in php. The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.

Upstream bug:
https://bugs.php.net/bug.php?id=69975

Created php tracking bugs for this issue:
Affects: fedora-all [bug 1338927]

Upstream commits:
http://git.php.net/?p=php-src.git;a=commitdiff;h=16db4d1462bf3eacb93c0cd940f799160a284b24
http://git.php.net/?p=php-src.git;a=commitdiff;h=344ff5dd4c538eaebea075f7705321f8b86d0b47

This bug is triggered when using certain ODBC drivers and when database columns have certain types. If a PHP application accesses such columns, it triggers the problem. No malicious request is needed. It does not seem this bug should have been classified as a security issue.

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS

Via RHSA-2016:2750 https://rhn.redhat.com/errata/RHSA-2016-2750.html