Bugzilla – Bug 914984
VUL-0: CVE-2015-1353: php5: integer overflow in the conversion of dates to "Julian Day Count" function
Last modified: 2020-04-01 22:12:16 UTC
rh#1185896 Integer overflow was reported in PHP [1]. The commit that fixes this, with a PoC can be found here: https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1 [1]: http://seclists.org/oss-sec/2015/q1/190 References: https://bugzilla.redhat.com/show_bug.cgi?id=1185896 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1353 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1353.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1353
bugbot adjusting priority
One of the offended function looks like: long int JulianToSdn( int inputYear, int inputMonth, int inputDay) { int year; int month; /* check for invalid dates */ if (inputYear == 0 || inputYear < -4713 || inputMonth <= 0 || inputMonth > 12 || inputDay <= 0 || inputDay > 31) { return (0); } /* check for dates before SDN 1 (Jan 2, 4713 B.C.) */ if (inputYear == -4713) { if (inputMonth == 1 && inputDay == 1) { return (0); } } /* Make year always a positive number. */ if (inputYear < 0) { year = inputYear + 4801; } else { year = inputYear + 4800; } /* Adjust the start of the year. */ if (inputMonth > 2) { month = inputMonth - 3; } else { month = inputMonth + 9; year--; } return ((year * DAYS_PER_4_YEARS) / 4 + (month * DAYS_PER_5_MONTHS + 2) / 5 + inputDay - JULIAN_SDN_OFFSET); } So this looks like pure function [int,int,int] -> [long int] without any side efects. No security threat follow from it even when integer overflow happens I think. For GregorianToSdn() similar argument holds. Until you prove otherwise, closing as invalid.