Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1377361 - (CVE-2016-7415) CVE-2016-7415 icu: Stack based buffer overflow in locid.cpp
CVE-2016-7415 icu: Stack based buffer overflow in locid.cpp
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20160903,repor...
: Security
Depends On: 1377363 1377364 1377362
Blocks: 1360344
  Show dependency treegraph
 
Reported: 2016-09-19 09:30 EDT by Adam Mariš
Modified: 2016-11-29 22:50 EST (History)
18 users (show)

See Also:
Fixed In Version: icu 58.1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-29 22:50:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Adam Mariš 2016-09-19 09:30:18 EDT 
It was found that big locale string causes stack based overflow inside libicu.

PHP bug:

https://bugs.php.net/bug.php?id=73007

CVE assignment:

http://seclists.org/oss-sec/2016/q3/518
Comment 1 Adam Mariš 2016-09-19 09:31:23 EDT 
Created mingw-icu tracking bugs for this issue:

Affects: fedora-all [bug 1377363]
Affects: epel-7 [bug 1377364]
Comment 2 Adam Mariš 2016-09-19 09:31:36 EDT 
Created icu tracking bugs for this issue:

Affects: fedora-all [bug 1377362]
Comment 3 Doran Moppert 2016-09-29 00:06:40 EDT 
If there is an upstream icu bug, it is still private.  I have attempted to repro on rhel-7.2 based on variants of the PHP function, but no success so far.

PHP upstream crash report shows a stack overflow in Locale::Locale(char*).  RHEL builds icu with -fstack-protector, which prevents traditional code execution vectors through stack smashing.  I don't see any dangerous adjacent stack contents in that constructor, so the impact here is limited to a crash.
Comment 5 Doran Moppert 2016-11-04 04:36:45 EDT 
Upstream bug (ICU) (private as at 2016-11-04):

http://bugs.icu-project.org/trac/ticket/12745
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.