First Last Prev Next    This bug is not in your last search results.
Bug 1103661 - (CVE-2017-9120) VUL-0: CVE-2017-9120: php7 Integer overflow in mysqli_api.c:mysqli_real_escape_string()
(CVE-2017-9120)
VUL-0: CVE-2017-9120: php7 Integer overflow in mysqli_api.c:mysqli_real_escap...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/212145/
CVSSv3:RedHat:CVE-2017-9120:5.3:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-03 06:22 UTC by Marcus Meissner
Modified: 2021-09-14 12:46 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
CVE-2017-9120.php (175 bytes, application/x-php)
2018-08-03 06:26 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-08-03 06:22:32 UTC 
rh#1611898

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified other
impact via a long string because of an Integer overflow in
mysqli_real_escape_string.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1611898
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9120
https://bugs.php.net/bug.php?id=74544
Comment 1 Marcus Meissner 2018-08-03 06:26:52 UTC 
Created attachment 778808 [details]
CVE-2017-9120.php

QA REPRODUCER:

needs php mysql installed and the reproducer needs a valid mysql connection inside.

php CVE-2017-9120.php
Comment 2 Petr Gajdos 2018-08-04 08:53:21 UTC 
Hmm I somewhat dislike when CVE is assigned without cooperation with upstream. php bug 74544 was turned from security to normal type of the bug by upstream and therefore perceived as a marginal security issue if any no worth a CVE.

I also tried to reproduce with php 7.2.7 and mariadb without any segfault or valgrind errors.

Until more information is known, I will use the patch attached to the bug, as it looks reasonable.
Comment 3 Petr Gajdos 2018-08-04 09:14:24 UTC 
12/php5, 11sp3/php53, 11/php5 and 10sp3/php5 use safe_emalloc(), not affected.
Comment 4 Petr Gajdos 2018-08-04 09:14:41 UTC 
Will submit for 15/php7 and 12/php7.
Comment 5 Petr Gajdos 2018-08-04 09:36:52 UTC 
I believe all fixed.
Comment 7 Swamp Workflow Management 2018-08-16 07:08:27 UTC 
SUSE-SU-2018:2333-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1103659,1103661
CVE References: CVE-2017-9120,CVE-2018-14851
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    php7-7.0.7-50.44.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-50.44.1
Comment 8 Swamp Workflow Management 2018-08-16 07:11:20 UTC 
SUSE-SU-2018:2337-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1103659,1103661
CVE References: CVE-2017-9120,CVE-2018-14851
Sources used:
SUSE Linux Enterprise Module for Web Scripting 15 (src):    php7-7.2.5-4.6.1
Comment 9 Swamp Workflow Management 2018-08-17 10:31:44 UTC 
openSUSE-SU-2018:2405-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1103659,1103661
CVE References: CVE-2017-9120,CVE-2018-14851
Sources used:
openSUSE Leap 42.3 (src):    php7-7.0.7-43.1
openSUSE Leap 15.0 (src):    php7-7.2.5-lp150.2.9.1
Comment 10 Marcus Meissner 2018-09-11 10:04:27 UTC 
released
Comment 20 OBSbugzilla Bot 2020-05-12 08:00:17 UTC 
This is an autogenerated message for OBS integration:
This bug (1103661) was mentioned in
https://build.opensuse.org/request/show/802846 Factory / php7
First Last Prev Next    This bug is not in your last search results.