Bugzilla – Bug 1138173
VUL-0: CVE-2019-11039: php5,php72,php7,php53: Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
Last modified: 2023-10-26 10:35:45 UTC
CVE-2019-11039

Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow

Upstream bug: https://bugs.php.net/bug.php?id=78069

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11039
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11039.html
Created attachment 807644
proof of concept from the upstream bugzilla

test.php:

    <?php
    $hdr = iconv_mime_decode_headers(file_get_contents("poc"),2);
    ?>

    $ USE_ZEND_ALLOC=0 valgrind -q php test.php
    PHP Notice: iconv_mime_decode_headers(): Detected an illegal character in input string in /138173/test.php on line 2
    $

No valgrind error reported. I had also tried with asan, no report either.
Will submit for: 15/php7, 12/php72,php7,php5, 11sp3/php53, and 11,10sp3/php5.
I believe all fixed.
SUSE-SU-2019:1725-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1119396,1138172,1138173
CVE References: CVE-2019-11039,CVE-2019-11040
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php7-7.0.7-50.80.2
  SUSE Linux Enterprise Software Development Kit 12-SP3 (src): php7-7.0.7-50.80.2
  SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-50.80.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1724-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1138172,1138173
CVE References: CVE-2019-11039,CVE-2019-11040
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php72-7.2.5-1.20.2
  SUSE Linux Enterprise Software Development Kit 12-SP3 (src): php72-7.2.5-1.20.2
  SUSE Linux Enterprise Module for Web Scripting 12 (src): php72-7.2.5-1.20.2
SUSE-SU-2019:1746-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1137633,1138172,1138173
CVE References: CVE-2015-1351,CVE-2019-11039,CVE-2019-11040
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php5-5.5.14-109.63.2
  SUSE Linux Enterprise Software Development Kit 12-SP3 (src): php5-5.5.14-109.63.2
  SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-109.63.2
SUSE-SU-2019:1832-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1138172,1138173
CVE References: CVE-2019-11039,CVE-2019-11040
Sources used:
  SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src): php7-7.2.5-4.35.3
  SUSE Linux Enterprise Module for Web Scripting 15 (src): php7-7.2.5-4.35.3
  SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): php7-7.2.5-4.35.3
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): php7-7.2.5-4.35.3
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): php7-7.2.5-4.35.3
openSUSE-SU-2019:1778-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1138172,1138173
CVE References: CVE-2019-11039,CVE-2019-11040
Sources used:
  openSUSE Leap 15.1 (src): php7-7.2.5-lp151.6.6.1
  openSUSE Leap 15.0 (src): php7-7.2.5-lp150.2.22.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2019-08-21. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64336
Done
This is an autogenerated message for OBS integration: This bug (1138173) was mentioned in https://build.opensuse.org/request/show/802846 Factory / php7
This is an autogenerated message for OBS integration: This bug (1138173) was mentioned in https://build.opensuse.org/request/show/802978 Factory / php7
This is an autogenerated message for OBS integration: This bug (1138173) was mentioned in https://build.opensuse.org/request/show/804946 Factory / php7
This is an autogenerated message for OBS integration: This bug (1138173) was mentioned in https://build.opensuse.org/request/show/805287 Factory / php7
This is an autogenerated message for OBS integration: This bug (1138173) was mentioned in https://build.opensuse.org/request/show/1120490 Backports:SLE-15-SP5 / php81