Описание
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
An integer overflow vulnerability in PHP can lead to a buffer overflow when constructing extremely long strings with the ".=" operator. In unusual circumstances, this could be used by an attacker to cause an application to crash or possibly have other consequences.
Отчет
This issue is only practical to exploit on 32-bit systems, and then only when the memory limit is raised from its default to a value larger than 2 GiB. The default settings make exploitation impossible. For these reasons, PHP upstream developers do not consider this to be a security issue. Red Hat Software Collections and Red Hat Enterprise Linux 7 and later only distribute PHP built for 64-bit systems.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Not affected | ||
| Red Hat Enterprise Linux 6 | php | Not affected | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:7.3/php | Affected | ||
| Red Hat Software Collections | rh-php56-php | Not affected | ||
| Red Hat Software Collections | rh-php70-php | Will not fix | ||
| Red Hat Software Collections | rh-php73-php | Will not fix | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2023:2903 | 16.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
The zend_string_extend function in Zend/zend_string.h in PHP through 7 ...
EPSS
7.5 High
CVSS3