Sec Bug #64879 Heap based buffer overflow in quoted_printable_encode
Submitted: 2013-05-20 08:53 UTC
Modified: 2013-06-08 09:17 UTC
From: stas@php.net
Assigned: stas
Status: Closed
Package: Strings related
PHP Version: 5.3.25
OS: *
Private report: No
CVE-ID: 2013-2110

 [2013-05-20 08:53 UTC] stas@php.net
Description:
------------
quoted_printable_encode calculates the string size wrong, so overflow is 
possible. 

Test script:
---------------
quoted_printable_encode(str_repeat("\xf4", 1000));

Expected result:
----------------
No crash

Actual result:
--------------
Segfault
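
An added illustration, not PHP's code or the committed patch: a minimal RFC 2045 quoted-printable encoder in C that sizes its buffer for the worst case and bounds-checks every write, run on a constructed copy of the test script's input. The names `qp_max_len`, `qp_encode` and `encode_repro` are hypothetical, and the encoder simplifies by writing every byte outside `!`..`~` as `=XX`.

```c
#include <stdio.h>
#include <string.h>

#define QP_MAXL 76u /* RFC 2045: an encoded line is at most 76 characters */

/* Upper bound on the output for n input bytes, including the NUL: every byte
 * may become "=XX", a line holds at least 25 input bytes before its trailing
 * "=", and each soft line break "=\r\n" costs 3 bytes, not 1. */
size_t qp_max_len(size_t n)
{
    size_t breaks = n ? (n - 1) / ((QP_MAXL - 1) / 3) : 0;
    return 3 * n + 3 * breaks + 1;
}

/* Encode in[0..n) into out[0..cap). Returns the encoded length, or (size_t)-1
 * when cap is too small; it never writes past out[cap - 1]. Simplification:
 * every byte outside '!'..'~', and '=', is written as "=XX". */
size_t qp_encode(const unsigned char *in, size_t n, char *out, size_t cap)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0, col = 0;
    if (cap == 0) return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        int lit = in[i] >= '!' && in[i] <= '~' && in[i] != '=';
        size_t tok = lit ? 1 : 3;
        int brk = col + tok > QP_MAXL - 1;         /* leave room for "=" */
        size_t need = tok + (brk ? 3 : 0);
        if (need > cap - 1 - o) return (size_t)-1; /* keep 1 byte for NUL */
        if (brk) { memcpy(out + o, "=\r\n", 3); o += 3; col = 0; }
        if (lit) out[o++] = (char)in[i];
        else { out[o++] = '='; out[o++] = hex[in[i] >> 4]; out[o++] = hex[in[i] & 15]; }
        col += tok;
    }
    out[o] = '\0';
    return o;
}

/* Constructed input matching the test script: 1000 bytes of 0xf4. */
size_t encode_repro(size_t cap)
{
    unsigned char in[1000];
    static char out[4096];
    memset(in, 0xf4, sizeof in);
    return qp_encode(in, sizeof in, out, cap < sizeof out ? cap : sizeof out);
}

int main(void)
{
    printf("bound=%zu encoded=%zu\n", qp_max_len(1000), encode_repro(qp_max_len(1000)));
    return 0;
}
```

With a capacity that leaves out the soft line breaks, or budgets only one byte for each, `qp_encode` returns an error instead of writing past the end of the buffer.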

Patches

quotedfix (last revision 2013-05-22 07:07 UTC by stas@php.net)

Pull Requests

History

 [2013-05-20 08:54 UTC] stas@php.net
-CVE-ID:
+CVE-ID: 2013-2110
 [2013-05-22 07:07 UTC] stas@php.net
The following patch has been added/updated:

Patch Name: quotedfix
Revision:   1369206432
URL:        https://bugs.php.net/patch-display.php?bug=64879&patch=quotedfix&revision=1369206432
 [2013-06-05 05:01 UTC] stas@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: stas
 [2013-06-05 05:01 UTC] stas@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Thu Nov 21 13:01:29 2024 UTC