2214967 – TRIAGE php: stack information leak in PHP's implementation of SOAP HTTP Digest authentication

Bug 2214967 - TRIAGE php: stack information leak in PHP's implementation of SOAP HTTP Digest authentication

Summary: TRIAGE php: stack information leak in PHP's implementation of SOAP HTTP Diges...

Keywords:
Status:	NEW
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2214968 2214969
Blocks:	2214970
TreeView+	depends on / blocked

Reported:	2023-06-14 09:08 UTC by Sandipan Roy
Modified:	2023-07-07 08:29 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Sandipan Roy 2023-06-14 09:08:29 UTC

It was discovered that PHP's implementation of SOAP HTTP Digest
authentication performed insufficient error validation, which may result
in a stack information leak or use of weak randomness.

Ref: https://packetstormsecurity.com/files/172900/dsa-5424-1.txt

Comment 2 Remi Collet 2023-06-14 11:51:04 UTC

PHP upstream considers this issue as "low", so don't issue any CVE for it

Note You need to log in before you can comment on or make changes to this bug.