Bug 1162632 (CVE-2020-7060) - VUL-0: CVE-2020-7060: php5,php72,php7,php53: Global buffer-overflow in mbfl_filt_conv_big5_wchar function
Summary: VUL-0: CVE-2020-7060: php5,php72,php7,php53: Global buffer-overflow in mbfl_f...
Status: RESOLVED FIXED
Alias: CVE-2020-7060
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/252319/
Whiteboard: CVSSv2:NVD:CVE-2020-7060:6.4:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-02-04 11:57 UTC by Robert Frohl
Modified: 2020-05-27 15:25 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2020-02-04 11:57:06 UTC
rh#1797779

A flaw was found in php before 7.4.2. A global buffer overflow in mbfl_filt_conv_big5_wchar function may lead to corruption of memory data.

Upstream issue:

http://bugs.php.net/79037

Patch:

https://git.php.net/?p=php-src.git;a=commitdiff;h=2bcbc95f033c31b00595ed39f79c3a99b4ed0501

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1797779
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7060
Comment 2 Petr Gajdos 2020-02-05 13:28:51 UTC
valgrind does not reveal any memory issue for me with the reporter's testcase, nor in the testcase from https://gist.github.com/cmb69/951f7404fda6d71400ac63dcbe3b1463.

Using the upstream commit test:
<?php
var_dump(mb_convert_encoding("\x81\x3a", "UTF-8", "CP950"));
?>


BEFORE

15/php7

$ php bug79037.php
string(3) "脺"
$


PATCH

referenced in comment 0

11sp3/php53 output:
$ USE_ZEND_ALLOC=0 valgrind  -q php bug79037.php
string(2) "?:"
$
The code not found. Considering not affected.


AFTER

15/php7

$ php bug79037.php 
string(1) "?"
$
Comment 4 Petr Gajdos 2020-02-05 13:31:21 UTC
Will submit for 15/php7, 12/php72.
Comment 6 Petr Gajdos 2020-02-05 15:54:19 UTC
Also committed to devel:languages:php:php56/php5.
Comment 7 Petr Gajdos 2020-02-05 15:56:30 UTC
Packages submitted, I believe all fixed.
Comment 10 Petr Gajdos 2020-02-10 14:52:04 UTC
Submitted also for 12/php5.
Comment 12 Swamp Workflow Management 2020-02-18 17:14:02 UTC
SUSE-SU-2020:0397-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1161982,1162629,1162632
CVE References: CVE-2019-20433,CVE-2020-7059,CVE-2020-7060
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    php72-7.2.5-1.37.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    php72-7.2.5-1.37.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php72-7.2.5-1.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2020-02-28 14:27:02 UTC
SUSE-SU-2020:0522-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1145095,1146360,1154999,1159922,1159923,1159924,1159927,1161982,1162629,1162632
CVE References: CVE-2019-11041,CVE-2019-11042,CVE-2019-11043,CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050,CVE-2020-7059,CVE-2020-7060
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    php5-5.5.14-109.68.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-109.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2020-03-09 20:24:28 UTC
SUSE-SU-2020:0622-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1162629,1162632,1165280,1165289
CVE References: CVE-2020-7059,CVE-2020-7060,CVE-2020-7062,CVE-2020-7063
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    php7-7.2.5-4.52.4
SUSE Linux Enterprise Server 15-LTSS (src):    php7-7.2.5-4.52.4
SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src):    php7-7.2.5-4.52.4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    php7-7.2.5-4.52.4
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    php7-7.2.5-4.52.4
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    php7-7.2.5-4.52.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2020-03-15 11:11:27 UTC
openSUSE-SU-2020:0341-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1162629,1162632,1165280,1165289
CVE References: CVE-2020-7059,CVE-2020-7060,CVE-2020-7062,CVE-2020-7063
Sources used:
openSUSE Leap 15.1 (src):    php7-7.2.5-lp151.6.22.1, php7-test-7.2.5-lp151.6.22.1
Comment 18 Wolfgang Frisch 2020-05-27 15:25:26 UTC
Done.