Bug 782951 - (CVE-2012-0781) CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20120110,reported=2...
: Security
Depends On: 830729 830730
Blocks: 782956 835959
  Show dependency treegraph
 
Reported: 2012-01-18 17:34 EST by Vincent Danen
Modified: 2016-03-04 07:22 EST (History)
3 users (show)

See Also:
Fixed In Version: php 5.3.9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-27 13:15:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2012-01-18 17:34:43 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0781 to
the following vulnerability:

Name: CVE-2012-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0781
Assigned: 20120118
Reference: http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
Reference: http://www.exploit-db.com/exploits/18370/
Reference: http://cxsecurity.com/research/103

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers
to cause a denial of service (NULL pointer dereference and application
crash) via crafted input to an application that attempts to perform
Tidy::diagnose operations on invalid objects, a different
vulnerability than CVE-2011-4153.
Comment 1 Vincent Danen 2012-01-18 17:40:33 EST
This should be corrected in 5.3.9, as per this note in the PHP 5.3.9 changelog:

Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). (Maksymilian Arciemowicz, Felipe)

The upstream commit to fix is here:

http://svn.php.net/viewvc?view=revision&revision=319254
Comment 2 Huzaifa S. Sidhpurwala 2012-02-06 01:44:38 EST
This issue affects the version of php as shipped with Red Hat Enterprise Linux 6.

This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 4 and 5. This issue did not affect the version of php53 as shipped with Red Hat Enterprise Linux 5. Since neither of these packages ship the standard PHP module providing tidy library support.

This issue did not affect the version of php as shipped with Fedora 15 and Fedora 16.
Comment 5 errata-xmlrpc 2012-06-27 11:52:51 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1046 https://rhn.redhat.com/errata/RHSA-2012-1046.html

Note You need to log in before you can comment on or make changes to this bug.