[php-maint] Bug#359907: Security: Binary safety issue in html_entity_decode() may leak memory

Moritz Naumann info at moritz-naumann.com
Wed Mar 29 13:32:08 UTC 2006


Package: php4
Version: 5:5.1.2-1
Severity: grave
Tags: security
Justification: user security hole

A security issue in PHP has been reported which may allow for disclosing
partial working memory contents on some PHP applications.

Quoting Stefan Esser:
> The bug is a binary safety issue in html_entity_decode, a function
> that is not usually used on user input, because user input is usually
> not expected in HTML format and then decoded. Even if the function is
> used on user input it can only leak memory to a potential attacker if
> the decoded user input is sent back to the client.
> 
> The bug was found in late February by one of the Japanese PHP
> developers and was fixed in CVS one day later. Because the bug is a
> local memory leak it was not considered top critical and is among the
> usual bugfixes. PHP 5.1.3-RC1, which was released in the beginning of
> March, already fixes this issue.

References:
[1]
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044544.html
(follow the thread)
[2]
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/thread.html
(search the page for 'Critical PHP bug' to find additional threads)
[3] http://bugs.gentoo.org/127939

Credits:
- Developer advisory: "One of the Japanese PHP developers" (according to
S. Esser)
- Public disclosure: Tõnu Samuel (tonu at jes.ee)

-- System Information:
Debian Release: testing/unstable
