Bugzilla – Bug 987546
VUL-0: CVE-2016-5873: php5-pecl_http: Buffer overflow in HTTP url parsing functions
Last modified: 2016-07-06 16:02:52 UTC
Courtesy bug for server:php:extensions/php5-pecl_http:

https://bugs.php.net/bug.php?id=71719

The URL parsing functions of the PECL HTTP extension allow overflowing a buffer with data originating from an arbitrary HTTP request. Affected are the parse_*() functions in php_http_url.c that are called from within php_http_url_parse(). Other parsing functions were not tested but might be affected as well.

The problem occurs when non-printable characters contained in a URL are converted into percent-encoding. The state->offset used in these functions is incremented without sufficient checks regarding the size of the allocated state->buffer.

https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5
http://seclists.org/oss-sec/2016/q2/622

server:php:extensions/php5-pecl_http is at 2.5.5. Fixed in 3.0.1, 2.5.6.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1351193
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5873
http://seclists.org/oss-sec/2016/q2/622
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5873.html
bugbot adjusting priority
Fixed in SR#406988
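
The bug class from the description, where each non-printable byte grows to three output bytes while the write offset advances, shown here in bounds-checked form. This is an added example, not the ext-http code or its fix; `struct enc_state`, `enc_worst_case`, `enc_put` and `enc_url` are hypothetical names, and the "printable ASCII passes through" rule is a simplifying assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the parser state named in the report:
 * a fixed-capacity buffer plus a write offset. */
struct enc_state {
    char  *buffer;
    size_t size;    /* bytes allocated for buffer */
    size_t offset;  /* next write position; invariant: offset <= size */
};

/* Worst case: every input byte becomes "%XX", plus the terminating NUL.
 * Returns 0 if 3*in_len + 1 would wrap around size_t. */
size_t enc_worst_case(size_t in_len)
{
    if (in_len > (((size_t)-1) - 1) / 3)
        return 0;
    return in_len * 3 + 1;
}

/* Append one byte, refusing to move offset past the allocation. */
static int enc_put(struct enc_state *st, char c)
{
    if (st->offset >= st->size)
        return -1;
    st->buffer[st->offset++] = c;
    return 0;
}

/* Copy printable ASCII as-is, percent-encode everything else.
 * Returns 0 on success, -1 if the output (with NUL) does not fit. */
int enc_url(struct enc_state *st, const unsigned char *in, size_t in_len)
{
    static const char hex[] = "0123456789ABCDEF";
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        if (c > 0x20 && c < 0x7f) {
            if (enc_put(st, (char)c) < 0) return -1;
        } else {
            /* 1 input byte -> 3 output bytes: check the remaining room
             * before the offset advances, not after. */
            if (st->size - st->offset < 3) return -1;
            st->buffer[st->offset++] = '%';
            st->buffer[st->offset++] = hex[c >> 4];
            st->buffer[st->offset++] = hex[c & 0x0f];
        }
    }
    return enc_put(st, '\0');
}
```

Sizing the buffer with `enc_worst_case()` up front and still checking on every write keeps the two defenses independent: a sizing mistake then fails the encode instead of writing past the allocation.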