1359822 – (CVE-2016-6296) CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c

Bug 1359822 (CVE-2016-6296) - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c

Summary: CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-6296
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1359837 1359838
Blocks:	1359830
TreeView+	depends on / blocked

Reported:	2016-07-25 13:53 UTC by Adam Mariš
Modified:	2020-01-17 15:51 UTC (History)
CC List:	15 users (show)
Fixed In Version:	php 5.5.36, php 5.6.24, php 7.0.9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-09-26 18:23:23 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2750	0	normal	SHIPPED_LIVE	Moderate: rh-php56 security, bug fix, and enhancement update	2016-11-15 16:40:02 UTC

Description Adam Mariš 2016-07-25 13:53:01 UTC

It was found that String length checks in simplestring_addn in simplestring.c use length as signed integers, which can be used by a malicious php script to cause out of bounds write on the heap.

PHP bug:

https://bugs.php.net/bug.php?id=72606

PHP fix:

http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa

CVE assignment:

http://seclists.org/oss-sec/2016/q3/137

Comment 1 Adam Mariš 2016-07-25 14:10:35 UTC

Created xmlrpc-epi tracking bugs for this issue:

Affects: fedora-all [bug 1359838]

Comment 2 Adam Mariš 2016-07-25 14:10:45 UTC

Created php tracking bugs for this issue:

Affects: fedora-all [bug 1359837]

Comment 3 errata-xmlrpc 2016-11-15 11:44:17 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS

Via RHSA-2016:2750 https://rhn.redhat.com/errata/RHSA-2016-2750.html

Note You need to log in before you can comment on or make changes to this bug.