Bug 1338912 - (CVE-2015-8879) CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
Whiteboard: impact=low,public=20150722,reported=2...
Keywords: Security
Depends On: 1338927
Blocks: 1338914
Reported: 2016-05-23 11:39 EDT by Andrej Nemec
Modified: 2016-06-01 09:26 EDT
Fixed In Version: php 5.6.12
Last Closed: 2016-06-01 09:25:13 EDT


Description Andrej Nemec 2016-05-23 11:39:45 EDT
A vulnerability was found in php. The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.

Upstream bug:

https://bugs.php.net/bug.php?id=69975
Comment 1 Andrej Nemec 2016-05-23 12:36:17 EDT
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1338927]
Comment 2 Tomas Hoger 2016-06-01 09:25:13 EDT
Upstream commits:

http://git.php.net/?p=php-src.git;a=commitdiff;h=16db4d1462bf3eacb93c0cd940f799160a284b24
http://git.php.net/?p=php-src.git;a=commitdiff;h=344ff5dd4c538eaebea075f7705321f8b86d0b47

This bug is triggered when using certain ODBC drivers and when database columns have certain types.  If a PHP application accesses such columns, it triggers the problem.  No malicious request is needed.  It does not seem this bug should have been classified as a security issue.
