Bug 624056

Summary:	<dev-lang/php-{5.6.31, 7.0.21, 7.1.7}: wddx_deserialize() heap out-of-bound read via php_parse_date()
Product:	Gentoo Security	Reporter:	Christopher Díaz Riveros (RETIRED) <chrisadr>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	php-bugs
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugs.php.net/bug.php?id=74819
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-06 20:09:26 UTC

From $URL:

Description:
------------
While deserializing an invalid dateTime value, wddx_deserialize() would result in a heap out-of-bounds read in timelib_meridian(). As wddx_deserialize() is exposed to network data, and sometimes echo the results back to client, this issue could potentially allow remote peeking of the process memory. It should also affect other PHP APIs that make use of timelib_meridian().

Comment 1 D'juan McDonald (domhnall) 2017-09-10 01:03:18 UTC

upstream patch:

https://gist.github.com/bd77ac90d3bdf31ce2a5251ad92e9e75

Comment 2 Yury German Gentoo Infrastructure

2017-09-10 04:17:32 UTC

Please confirm if this is part of version 7.0.23, 7.1.9 being stabilized in bug #629452

Comment 3 Brian Evans (RETIRED) gentoo-dev

2017-09-10 12:29:17 UTC

(In reply to Yury German from comment #2)
> Please confirm if this is part of version 7.0.23, 7.1.9 being stabilized in
> bug #629452

This bug was fixed with PHP 7.0.21 and 7.1.7.

Comment 4 Brian Evans (RETIRED) gentoo-dev

2017-09-10 12:39:36 UTC

Also fixed with PHP 5.6.31 as well

Comment 5 Aaron Bauman (RETIRED) gentoo-dev

2017-09-24 19:06:33 UTC

GLSA Vote: No