PHP is vulnerable to an integer overflow in the mysqli_api.c:mysqli_real_escape_string() function. An attacker could exploit this by performing a crafted query to cause a crash. Upstream Bug: https://bugs.php.net/bug.php?id=74544
Created php tracking bugs for this issue: Affects: fedora-all [bug 1614880]
Upstream patch: https://bugs.php.net/patch-display.php?bug_id=74544&patch=bug74544.diff&revision=1500891082&download=1
Statement: This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 6 and 7 (versions 5.3.3 and 5.4.16, respectively).
Notice: this issue is not considered by upstream as a security issue, as it rely on bad local configuration (no memory limit) See: https://wiki.php.net/security
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-9120