Bug 1305523 (CVE-2016-10712) - CVE-2016-10712 php: Output of stream_get_meta_data can be falsified by its input
Summary: CVE-2016-10712 php: Output of stream_get_meta_data can be falsified by its input
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-10712
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1305565
Blocks: 1305564
TreeView+ depends on / blocked
 
Reported: 2016-02-08 13:52 UTC by Adam Mariš
Modified: 2019-09-29 13:44 UTC (History)
11 users (show)

Fixed In Version: php 5.6.18, php 5.5.32
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-07 12:49:56 UTC


Attachments (Terms of Use)

Description Adam Mariš 2016-02-08 13:52:14 UTC
It was found that php_stream_populate_meta_data is not restricted to writing into fields that are not already set, instead php_stream with ops set to php_stream_temp_ops fills the metadata with whatever the user supplies. 

Upstream bug:

https://bugs.php.net/bug.php?id=71323

Upstream patch:

https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5

Comment 1 Adam Mariš 2016-02-08 15:13:23 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1305565]

Comment 2 Tomas Hoger 2017-09-07 12:49:56 UTC
Limited integrity impact, unlikely to affect many use cases.  No plan to backport the fix to existing products.


Note You need to log in before you can comment on or make changes to this bug.