Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 624054 (CVE-2017-11628)

Summary: <dev-lang/php-{5.6.31, 7.0.21}: PHP INI Parsing Stack Buffer Overflow Vulnerability
Product: Gentoo Security Reporter: Christopher Díaz Riveros (RETIRED) <chrisadr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: php-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.php.net/bug.php?id=74603
Whiteboard: A3 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 624052    
Bug Blocks:    

Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-06 20:06:29 UTC
From $URL:

Description:
------------
A stack buffer overflow exists in the latest stable release of PHP-7.1.5 and PHP-5.6.30 in PHP INI parsing API, which may accept network / local filesystem input. On malformed inputs, a stack buffer overflow in zend_ini_do_op() could write 1-byte off a fixed size stack buffer. On installations with the stack smashing mitigation, this would cause an immediate DoS; up to optimization levels, build options and stack buffer overflow mitigations, this vulnerability may allow corrupting other local variables or the frame pointer, potentially allows remotely executing code.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-09-10 04:26:55 UTC
Please confirm that this fix is in =dev-lang/php-7.0.23 as being stabilized as part of bug 629452
Comment 2 Brian Evans (RETIRED) gentoo-dev 2017-09-10 12:31:08 UTC
(In reply to Yury German from comment #1)
> Please confirm that this fix is in =dev-lang/php-7.0.23 as being stabilized
> as part of bug 629452

This bug was fixed with PHP 7.0.21 and 7.1.7
Comment 3 Brian Evans (RETIRED) gentoo-dev 2017-09-10 12:38:59 UTC
Also fixed with PHP 5.6.31 as well
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-09-24 19:03:15 UTC
This issue was resolved and addressed in
 GLSA 201709-21 at https://security.gentoo.org/glsa/201709-21
by GLSA coordinator Aaron Bauman (b-man).