Bug 573779 – CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 573779 - (CVE-2010-0397) CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension

Summary:	CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension

Status:	CLOSED ERRATA

Aliases:	CVE-2010-0397

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:	http://seclists.org/oss-sec/2010/q1/211
Whiteboard:	impact=low,source=debian,reported=201...
Keywords:	Security

Depends On:	575712 626733 626734 626735 626736
Blocks:
	Show dependency tree / graph

Reported:	2010-03-15 14:54 EDT by Jan Lieskovsky
Modified:	2016-03-04 07:37 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-06-20 12:55:33 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2010:0919	normal	SHIPPED_LIVE	Moderate: php security update	2010-11-29 16:33:48 EST

Groups: None (edit)

Description Jan Lieskovsky 2010-03-15 14:54:35 EDT

Auke van Slooten reported:
  [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573

a deficiency in the way php's XML-RPC protocol extension decoded
specific requests. Decoding a certain XML file, in an application
using the php's XML-RPC protocol extension would lead to crash
of that application.

Comment 1 Jan Lieskovsky 2010-03-15 14:55:45 EDT

Example XML file leading to crash (from [1]):

<?php
$req = '<?xml version="1.0"?>
<methodCall>
   </methodCall>';
    $result = xmlrpc_decode_request( $req, $frop );
?>

Comment 4 Tomas Hoger 2010-03-22 04:22:43 EDT

Upstream bug report:
  http://bugs.php.net/bug.php?id=51288

Upstream commit:
  http://svn.php.net/viewvc?view=revision&revision=296152
  http://marc.info/?l=php-cvs&m=126850564920095&w=2

follow-up commit fixing memleak in the patch:
  http://svn.php.net/viewvc?view=revision&revision=296153
  http://marc.info/?l=php-cvs&m=126851202625683&w=2

Comment 5 Tomas Hoger 2010-03-22 04:29:12 EDT

This issue affects PHP packages in Red Hat Enterprise Linux 4 and 5.  XMLRPC extension is not enabled in Red Hat Enterprise Linux 3 PHP packages.

Comment 7 Tomas Hoger 2010-07-23 06:05:20 EDT

Fixed upstream in 5.3.3:
  http://www.php.net/releases/5_3_3.php

Comment 9 errata-xmlrpc 2010-11-29 16:34:19 EST

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0919 https://rhn.redhat.com/errata/RHSA-2010-0919.html

Comment 10 Vincent Danen 2010-11-29 17:41:56 EST

Statement:

This issue was addressed in the php packages as shipped with Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2010-0919.html

Note You need to log in before you can comment on or make changes to this bug.