Bugzilla – Bug 1222855
VUL-0: CVE-2024-2757: php7,php72,php74,php8: php: mb_encode_mimeheader runs endlessly for some inputs
Last modified: 2024-05-31 13:14:02 UTC
Certain inputs provided to mb_encode_mimeheader trigger an endless loop. A discernible pattern has not yet been identified, but a specific string consistently reproduces the issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-2757
https://seclists.org/oss-sec/2024/q2/113
https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq
https://bugzilla.redhat.com/show_bug.cgi?id=2275068
QA REPRODUCER:

Summary
-------
Certain inputs provided to mb_encode_mimeheader trigger an endless loop.

Details
-------
A discernible pattern has not yet been identified, but a specific string consistently reproduces the issue.

PoC
---
In PHP 8.3.3, execute:

<?php
mb_internal_encoding('UTF-8');
mb_encode_mimeheader(",9868949,9868978,9869015,9689100,9869121,9869615,9870690,9867116,98558119861183. ", "utf-8", "B");

The mb_encode_mimeheader function seems to enter an infinite loop and fails to return.
zypper in php-mbstring before reproducing
Does not seem to affect 8.1 from phub. Affects factory with 8.3.4.
Advisory related to this CVE: https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq
https://github.com/php/php-src/commit/3394efc63e52a017995f92d8da4ef28224247bb3
Submitted for: Tumbleweed only, 8.3 issue (mb_mime_header_encode)
All done, closing.
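Added example, not part of the bug report or of PHP: a shell harness that runs the QA reproducer above under a time limit, so that an affected build is reported as a hang instead of blocking the test run. It assumes GNU `timeout` and a `php` CLI; the function names and the 10-second limit are this example's own choices.

```shell
#!/bin/sh
# Added example: time-limited run of the reproducer quoted in this bug.
# classify_run, check_mimeheader and the 10 s limit are this example's choices.

# Run "$@" for at most $1 seconds and print exactly one word:
#   returned - finished on its own with exit status 0
#   hang     - still running at the limit and had to be killed
#   error    - exited non-zero (php missing, or mbstring not installed)
classify_run() {
    limit=$1; shift
    rc=0
    # -k 2: send SIGKILL if the process ignores SIGTERM for 2 more seconds
    timeout -k 2 "$limit" "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)       echo returned ;;
        124|137) echo hang ;;   # GNU timeout: 124 = timed out, 137 = SIGKILL used
        *)       echo error ;;
    esac
}

# Write the PoC from the report to a temp file and classify it.
check_mimeheader() {
    php_bin=${1:-php}
    poc=$(mktemp) || return 2
    cat >"$poc" <<'EOF'
<?php
mb_internal_encoding('UTF-8');
mb_encode_mimeheader(",9868949,9868978,9869015,9689100,9869121,9869615,9870690,9867116,98558119861183. ", "utf-8", "B");
EOF
    result=$(classify_run 10 "$php_bin" "$poc")
    rm -f "$poc"
    echo "$result"
}

# Only touch PHP when asked to: sh check.sh run [/path/to/php]
if [ "${1:-}" = run ]; then
    check_mimeheader "${2:-php}"
fi
```

`error` is kept separate from `returned` so that a run without php-mbstring installed, which ends in a fatal "undefined function" error, is not read as an unaffected build.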