Source: php7.0 Version: 7.0.19-1 Severity: important Tags: security upstream Forwarded: https://bugs.php.net/bug.php?id=74577 Control: clone -1 -2 Control: reassign -2 src:php7.1 7.1.8-1 Control: retitle -2 php7.1: CVE-2017-8923: Overflowing the length of string causes crash
Hi, the following vulnerability was published for php7.0 and php7.1. CVE-2017-8923[0]: | The zend_string_extend function in Zend/zend_string.h in PHP through | 7.1.5 does not prevent changes to string objects that result in a | negative length, which allows remote attackers to cause a denial of | service (application crash) or possibly have unspecified other impact | by leveraging a script's use of .= with a long string. Attached to [1] and [2] are POCs to demostrate the issue (verified on i386 sid). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-8923 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8923 [1] https://bugs.php.net/bug.php?id=74577 [2] https://bugs.php.net/bug.php?id=73122 Regards, Salvatore