Bug 573779 (CVE-2010-0397) - CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension
Summary: CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension
Alias: CVE-2010-0397
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://seclists.org/oss-sec/2010/q1/211
Depends On: 575712 626733 626734 626735 626736
TreeView+ depends on / blocked
Reported: 2010-03-15 18:54 UTC by Jan Lieskovsky
Modified: 2021-02-25 01:30 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-06-20 16:55:33 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0919 0 normal SHIPPED_LIVE Moderate: php security update 2010-11-29 21:33:48 UTC

Description Jan Lieskovsky 2010-03-15 18:54:35 UTC
Auke van Slooten reported:
  [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573

a deficiency in the way php's XML-RPC protocol extension decoded
specific requests. Decoding a certain XML file, in an application
using the php's XML-RPC protocol extension would lead to crash
of that application.

Comment 1 Jan Lieskovsky 2010-03-15 18:55:45 UTC
Example XML file leading to crash (from [1]):

$req = '<?xml version="1.0"?>
    $result = xmlrpc_decode_request( $req, $frop );

Comment 5 Tomas Hoger 2010-03-22 08:29:12 UTC
This issue affects PHP packages in Red Hat Enterprise Linux 4 and 5.  XMLRPC extension is not enabled in Red Hat Enterprise Linux 3 PHP packages.

Comment 7 Tomas Hoger 2010-07-23 10:05:20 UTC
Fixed upstream in 5.3.3:

Comment 9 errata-xmlrpc 2010-11-29 21:34:19 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0919 https://rhn.redhat.com/errata/RHSA-2010-0919.html

Comment 10 Vincent Danen 2010-11-29 22:41:56 UTC

This issue was addressed in the php packages as shipped with Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2010-0919.html

Note You need to log in before you can comment on or make changes to this bug.