1685408 – (CVE-2019-9025) CVE-2019-9025 php: Negative size parameter in mb_split

Bug 1685408 (CVE-2019-9025) - CVE-2019-9025 php: Negative size parameter in mb_split

Summary: CVE-2019-9025 php: Negative size parameter in mb_split

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-9025
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1680558
TreeView+	depends on / blocked

Reported:	2019-03-05 06:51 UTC by Dhananjay Arunesh
Modified:	2021-02-16 22:18 UTC (History)
CC List:	4 users (show)
Fixed In Version:	php 7.3.1
Clone Of:
Environment:
Last Closed:	2019-05-13 05:34:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2019-03-05 06:51:00 UTC

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.

Upstream commit:
http://git.php.net/?p=php-src.git;a=commit;h=e617f03066ce81d26f56c06d6bd7787c7de08703
http://git.php.net/?p=php-src.git;a=commit;h=11ce508ee3390d4e68542c9fdae1277e3e75a573

Reference:
https://bugs.php.net/bug.php?id=77367

Comment 1 Huzaifa S. Sidhpurwala 2019-05-13 05:34:59 UTC

Statement:

This ship only affects PHP 7.3 which is not currently shipped with any Red Hat Products.

Note You need to log in before you can comment on or make changes to this bug.