Bug 783605 (CVE-2012-0788) - CVE-2012-0788 php: crash when unserializing serialized PDORow object
Summary: CVE-2012-0788 php: crash when unserializing serialized PDORow object
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2012-0788
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 782956
Reported: 2012-01-21 00:16 UTC by Kurt Seifried
Modified: 2019-09-29 12:50 UTC

Fixed In Version: php 5.3.9
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-15 16:03:54 UTC



Description Kurt Seifried 2012-01-21 00:16:45 UTC
https://bugs.php.net/bug.php?id=55776

 [2011-09-24 19:21 UTC] grinyad at mail dot ru

Description:
------------
<?php

// make a Pdo_Mysql statement before

$result = $stmt->fetch(PDO::FETCH_LAZY);

session_start();

$_SESSION['PDORow'] = $result;
?>

It crashes on the next request after saving the PDORow to the session, on session_start().

[2011-09-24 19:24 UTC] aharvey@php.net

What do you mean by "crashing"? Is the actual PHP process crashing, or
are you just getting an error message because PDO statements aren't
serialisable (which is expected)?

 [2011-09-25 08:56 UTC] grinyad at mail dot ru

It is an Apache crash. It gives a CGI/FastCGI Send/Don't Send window.

http://img171.imageshack.us/img171/3953/57126366.jpg

After a few minutes the Apache server crashes:

http://img840.imageshack.us/img840/2981/21231006.jpg

 [2011-09-25 12:39 UTC] johannes@php.net

PDORow objects may not be serialized and therefore may not be put in a session. In svn it was fixed to throw a warning and not crash anymore; this will be in future releases.
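
Added example, not part of the bug report or of PHP itself: a pre-write check that finds PDO objects in data bound for the session, next to the fetch mode that yields a plain array instead. The function name, the in-memory SQLite table and its rows are constructed for illustration; the script assumes the pdo_sqlite extension is loaded.

```php
<?php
// Hypothetical helper: list the paths inside $data that hold PDO objects,
// none of which can be serialized into a session.
// Only nested arrays are walked; properties of other objects are not inspected.
function find_pdo_objects($data, string $path = '$_SESSION'): array
{
    foreach (['PDO', 'PDOStatement', 'PDORow'] as $class) {
        if ($data instanceof $class) {
            return ["$path ($class)"];
        }
    }
    $hits = [];
    if (is_array($data)) {
        foreach ($data as $key => $value) {
            $child = $path . '[' . var_export($key, true) . ']';
            $hits = array_merge($hits, find_pdo_objects($value, $child));
        }
    }
    return $hits;
}

// Constructed sample data: one row in an in-memory SQLite table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");

// Pattern from the report: FETCH_LAZY returns a PDORow bound to the live statement.
$stmt = $pdo->query('SELECT id, name FROM users');
$pending = ['PDORow' => $stmt->fetch(PDO::FETCH_LAZY)];
print_r(find_pdo_objects($pending));

// Session-safe form: FETCH_ASSOC returns a plain array of column values.
$stmt = $pdo->query('SELECT id, name FROM users');
$pending = ['row' => $stmt->fetch(PDO::FETCH_ASSOC)];
var_dump(find_pdo_objects($pending) === []);
```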

Comment 3 Stefan Cornelius 2012-05-15 16:02:53 UTC
Statement:

Red Hat does not consider this flaw to be a security issue. The bug can only be triggered by the PHP script author, which does not cross a trust boundary.

