Zero-Day Advisory
Fortinet Discovers Multiple Integer Overflow Vulnerabilities in PHP
Summary
Multiple integer overflow vulnerabilities were discovered in PHP 5.
These vulnerabilities could cause memory corruption due to integer-overflow. Successful exploitation of these vulnerabilities could lead to denial-of-service. Remote code execution is also possible under some conditions.
Solutions
Users should apply the solution provided by PHP.Additional Information
The vulnerability details can be found below.
Version 5.6.25
Bz2: Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
Curl: Fixed bug #72807 (integer overflow in curl_escape caused heap corruption).
Ereg: Fixed bug #72838 (Integer overflow lead to heap corruption in sql_regcase).
Standard:
Fixed bug #72836 (integer overflow in base64_decode).
Fixed bug #72848 (integer overflow in quoted_printable_encode).
Fixed bug #72849 (integer overflow in urlencode).
Fixed bug #72850 (integer overflow in php_uuencode).
Version 5.6.26
Sec Bug #73011 [Asn]: integer overflow in fgets cause heap corruption
Sec Bug #73016 [Opn]: integer overflow in recode_string caused heap corruption
Sec Bug #72893 [Asn]: integer overflow in pg_escape_bytea caused heap corruption
Sec Bug #72874 [Asn]: integer overflow in pg_escape_string caused heap corruption
Sec Bug #72875 [Asn]: integer overflow in php_ldap_do_escape caused heap corruption
Sec Bug #72876 [Asn]: integer overflow in str_pad caused heap corruption
Sec Bug #72894 [Asn]: integer overflow in imap_binary caused heap corruption
Sec Bug #72895 [Asn]: integer overflow in preg_quote caused heap corruption
References
Acknowledgement
This vulnerability was discovered by Tien Phan of Fortinet's FortiGuard Labs.