1305523 – (CVE-2016-10712) CVE-2016-10712 php: Output of stream_get_meta_data can be falsified by its input

Bug 1305523 (CVE-2016-10712) - CVE-2016-10712 php: Output of stream_get_meta_data can be falsified by its input

Summary: CVE-2016-10712 php: Output of stream_get_meta_data can be falsified by its input

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2016-10712
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1305565
Blocks:	1305564
TreeView+	depends on / blocked

Reported:	2016-02-08 13:52 UTC by Adam Mariš
Modified:	2019-09-29 13:44 UTC (History)
CC List:	11 users (show)
Fixed In Version:	php 5.6.18, php 5.5.32
Clone Of:
Environment:
Last Closed:	2017-09-07 12:49:56 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2016-02-08 13:52:14 UTC

It was found that php_stream_populate_meta_data is not restricted to writing into fields that are not already set, instead php_stream with ops set to php_stream_temp_ops fills the metadata with whatever the user supplies. 

Upstream bug:

https://bugs.php.net/bug.php?id=71323

Upstream patch:

https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5

Comment 1 Adam Mariš 2016-02-08 15:13:23 UTC

Created php tracking bugs for this issue:

Affects: fedora-all [bug 1305565]

Comment 2 Tomas Hoger 2017-09-07 12:49:56 UTC

Limited integrity impact, unlikely to affect many use cases.  No plan to backport the fix to existing products.

Note You need to log in before you can comment on or make changes to this bug.