Bug 2179880 (CVE-2022-4900) - CVE-2022-4900 php: potential buffer overflow in php_cli_server_startup_workers
Summary: CVE-2022-4900 php: potential buffer overflow in php_cli_server_startup_workers
Keywords:
Status: NEW
Alias: CVE-2022-4900
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2179881 2179883 2179884 2179885 2179886 2179887
Blocks: 2165878
TreeView+ depends on / blocked
 
Reported: 2023-03-20 10:43 UTC by Dhananjay Arunesh
Modified: 2023-12-13 06:41 UTC (History)
4 users (show)

Fixed In Version: php 8.0.22
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2023-03-20 10:43:22 UTC
A vulnerability was found in PHP, where by setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

References:
https://github.com/php/php-src/issues/8989

Comment 1 Dhananjay Arunesh 2023-03-20 10:43:46 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 2179881]

Comment 4 John Helmert III 2023-11-05 18:17:14 UTC
Please attach the upstream reference noted here to the CVE.


Note You need to log in before you can comment on or make changes to this bug.