oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request - PECL-HTTP 3.0.0 Buffer overflow

From: cve-assign () mitre org
Date: Wed, 29 Jun 2016 06:56:57 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


a buffer overflow was discovered in url parsing
functions of the PECL HTTP extension.
The bug allowed a partial overwrite of a callback function pointer
possibly leading to execution of arbitrary code.

For the original bug report to the PHP bug tracker, please see:

  https://bugs.php.net/bug.php?id=71719

included in PECL-HTTP 3.0.1 that was released the same day:

  https://pecl.php.net/package/pecl_http/3.0.1
  Release notes Version 3.0.1
  * Fix php-bug #71719: Buffer overflow in HTTP url parsing functions (Mike, rc0r)

This flaw was fixed in commit [3724cd7]

https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5


Use CVE-2016-5873 for the entire issue described in this commit, i.e.,
"The parser's offset was not reset when we softfail in scheme parsing
and continue to parse a path" and the accompanying change to maxlen in
the php_http_url_parse function.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXc6jUAAoJEHb/MwWLVhi2MLwQAK1r9jq7D6vcm23wuNd7yhwz
y7VH1oflcJokHblJKyF+pNjZQ9tjGpsAnWqm2GHBEgH4yE297gVYg/WmhNauZZpE
RUyCk6OCKXLBBNyFvP9YfJG7KJFp1OejEvmYFv/SD5pUquwv+hAWHwOoZucaESRH
ivscwV1ILF4v+n61CPfMHtkmBk8XXggTnvHFGjTkQhekt2makC0pENId9SF4lzh1
xkN9FzHJSviNkymSwX+CSvdUVjxa2UPenwAIjULw6dPZXSKgUWfCEXXFDiYI6Krt
jeqxFMiAuKRfeCFnS3pr3wpFs2n7j7dBLL6+nH35Ex58lEaresdDRpRs5F/TIqU1
B6xY30m0JeNaq5a6M7YEA1fWpAsLU6DuaDKkUt7uTSv525TULzmEBXhWh/ZZQbpw
rMf+TyA+0cpgcmkTJx0ngmKpnlRuf/gCHf0/2no2N7t0dDqJR/KCEZd8NQSSbqOv
GUNi2QYeII0b7ZibmB13W3paqqo2XzvEFeqqKCUoIrYiSEBLLKtu5nbrA9JzJd3E
WR8RgGFpKfbntvzqXdmVyqohjh11GGY0qy9/IrSk9AYQHjGO/5/ZZXUpd50h9v7F
pgr1tLArI/sNgnuugpyMcJX/bgvbpIPAJdg7hQGldgdoYnBCY/n4F7tZzalOzu6T
nCkssdBqv91hfjwnGGd2
=im8F
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: