Bug 1685408 (CVE-2019-9025) - CVE-2019-9025 php: Negative size parameter in mb_split
Summary: CVE-2019-9025 php: Negative size parameter in mb_split
Status: CLOSED NOTABUG
Alias: CVE-2019-9025
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Blocks: 1680558
Reported: 2019-03-05 06:51 UTC by Dhananjay Arunesh
Modified: 2019-09-29 15:08 UTC

Fixed In Version: php 7.3.1
Last Closed: 2019-05-13 05:34:53 UTC


Description Dhananjay Arunesh 2019-03-05 06:51:00 UTC
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.

Upstream commit:
http://git.php.net/?p=php-src.git;a=commit;h=e617f03066ce81d26f56c06d6bd7787c7de08703
http://git.php.net/?p=php-src.git;a=commit;h=11ce508ee3390d4e68542c9fdae1277e3e75a573

Reference:
https://bugs.php.net/bug.php?id=77367
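
An added example, not code from PHP or from this bug report: a minimal C model of the failure class in the description, where a signed chunk length that goes negative becomes a huge `size_t` when handed to memcpy(), next to a copy that validates the offsets first. The names `as_memcpy_size` and `copy_chunk_checked` and the offset parameters are hypothetical; how mb_split() arrives at inconsistent offsets on invalid multibyte input is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* What memcpy() would receive if a signed chunk length were passed unchecked:
 * the conversion to size_t turns a negative value into a huge one. */
size_t as_memcpy_size(ptrdiff_t signed_len) {
    return (size_t)signed_len;
}

/* Copy the chunk [chunk_off, match_beg) of src into dst.
 * match_beg stands for an offset reported by a regex engine (hypothetical
 * parameter); it is treated as untrusted. Returns bytes copied, or -1. */
ptrdiff_t copy_chunk_checked(char *dst, size_t dst_cap,
                             const char *src, size_t src_len,
                             ptrdiff_t chunk_off, ptrdiff_t match_beg) {
    if (chunk_off < 0 || (size_t)chunk_off > src_len)
        return -1;              /* chunk start lies outside the string */
    if (match_beg < chunk_off || (size_t)match_beg > src_len)
        return -1;              /* length would be negative or overrun src */
    size_t n = (size_t)(match_beg - chunk_off);
    if (n > dst_cap)
        return -1;              /* destination buffer too small */
    memcpy(dst, src + chunk_off, n);
    return (ptrdiff_t)n;
}

int main(void) {
    const char src[] = "a,b";   /* constructed sample input */
    char dst[8];
    /* Consistent offsets: chunk starts at 0, match at 1, one byte copied. */
    ptrdiff_t ok = copy_chunk_checked(dst, sizeof dst, src, 3, 0, 1);
    /* Inconsistent offsets: match reported before the chunk start. */
    ptrdiff_t bad = copy_chunk_checked(dst, sizeof dst, src, 3, 2, 1);
    return (ok == 1 && bad == -1) ? 0 : 1;
}
```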

Comment 1 Huzaifa S. Sidhpurwala 2019-05-13 05:34:59 UTC
Statement:

This issue only affects PHP 7.3 which is not currently shipped with any Red Hat Products.
