Bug 978591 (CVE-2016-3132) - VUL-0: CVE-2016-3132: php5: Double Free in Standard PHP Library Double Link List
Status: RESOLVED FIXED
Alias: CVE-2016-3132
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: Petr Gajdos
QA Contact: Security Team bot
Whiteboard: CVSSv2:RedHat:CVE-2016-3132:5.1:(AV:...
Reported: 2016-05-05 07:37 UTC by Marcus Meissner
Modified: 2016-05-10 11:45 UTC
Description Marcus Meissner 2016-05-05 07:37:27 UTC
via twitter

http://www.libnex.org/blog/doublefreeinstandardphplibrarydoublelinklist

I found a double free vulnerability in the Standard PHP Library (SPL). While writing the exploit, I can't seem to find much write-up on how PHP manages their heap internally. Through this blog post I'll shed some light on this topic as well as my approach to exploit a double-free vulnerability like this within PHP.

[... long write up ... ]

https://bugs.php.net/bug.php?id=71735
Comment 1 Swamp Workflow Management 2016-05-05 22:00:14 UTC
bugbot adjusting priority
Comment 2 Petr Gajdos 2016-05-09 15:47:33 UTC
Fixed by upgrade to 7.0.6 in factory.

I am not able to reproduce with 5.6.1, and also the reporter says it affects only php7.