get_icu_value_internal out-of-bounds read
Unknown
Vulnerability Details
https://bugs.php.net/bug.php?id=72241
Absence of null character terminator causes unexpected zend_string length and leaks heap memory when using several intl functions that commonly receive user input:
- locale_canonicalize
- locale_filter_matches
- locale_lookup
- locale_parse
- locale_get_primary_language
This affected PHP version 5.5, 5.6 and 7.0, patch released today:
http://php.net/ChangeLog-5.php#5.5.36
Actions
View on HackerOneReport Stats
- Report ID: 141197
- State: Closed
- Substate: resolved
- Upvotes: 1