Bug 782951 (CVE-2012-0781) - CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
Summary: CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-0781
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 830729 830730
Blocks: 782956 835959
TreeView+ depends on / blocked
 
Reported: 2012-01-18 22:34 UTC by Vincent Danen
Modified: 2019-09-29 12:50 UTC (History)
3 users (show)

Fixed In Version: php 5.3.9
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-27 17:15:50 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1046 normal SHIPPED_LIVE Moderate: php security update 2012-06-27 19:48:23 UTC

Description Vincent Danen 2012-01-18 22:34:43 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0781 to
the following vulnerability:

Name: CVE-2012-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0781
Assigned: 20120118
Reference: http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
Reference: http://www.exploit-db.com/exploits/18370/
Reference: http://cxsecurity.com/research/103

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers
to cause a denial of service (NULL pointer dereference and application
crash) via crafted input to an application that attempts to perform
Tidy::diagnose operations on invalid objects, a different
vulnerability than CVE-2011-4153.

Comment 1 Vincent Danen 2012-01-18 22:40:33 UTC
This should be corrected in 5.3.9, as per this note in the PHP 5.3.9 changelog:

Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). (Maksymilian Arciemowicz, Felipe)

The upstream commit to fix is here:

http://svn.php.net/viewvc?view=revision&revision=319254

Comment 2 Huzaifa S. Sidhpurwala 2012-02-06 06:44:38 UTC
This issue affects the version of php as shipped with Red Hat Enterprise Linux 6.

This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 4 and 5. This issue did not affect the version of php53 as shipped with Red Hat Enterprise Linux 5. Since neither of these packages ship the standard PHP module providing tidy library support.

This issue did not affect the version of php as shipped with Fedora 15 and Fedora 16.

Comment 5 errata-xmlrpc 2012-06-27 15:52:51 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1046 https://rhn.redhat.com/errata/RHSA-2012-1046.html


Note You need to log in before you can comment on or make changes to this bug.