Red Hat Bugzilla – Bug 782951
CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
Last modified: 2016-03-04 07:22:30 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0781 to
the following vulnerability:
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers
to cause a denial of service (NULL pointer dereference and application
crash) via crafted input to an application that attempts to perform
Tidy::diagnose operations on invalid objects, a different
vulnerability than CVE-2011-4153.
This should be corrected in 5.3.9, as per this note in the PHP 5.3.9 changelog:
Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). (Maksymilian Arciemowicz, Felipe)
The upstream commit to fix is here:
This issue affects the version of php as shipped with Red Hat Enterprise Linux 6.
This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 4 and 5. This issue did not affect the version of php53 as shipped with Red Hat Enterprise Linux 5. Since neither of these packages ship the standard PHP module providing tidy library support.
This issue did not affect the version of php as shipped with Fedora 15 and Fedora 16.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:1046 https://rhn.redhat.com/errata/RHSA-2012-1046.html