Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PHPMapScript vulnerabilities in error handling #6014

Closed
jmckenna opened this issue Mar 20, 2020 · 2 comments
Closed

PHPMapScript vulnerabilities in error handling #6014

jmckenna opened this issue Mar 20, 2020 · 2 comments

Comments

@jmckenna
Copy link
Member

jmckenna commented Mar 20, 2020

  • Public ticket to record reported PHPMapScript vulnerabilities in error handling, initially reported by @0xbigshaq

  • Patch has been created and will now be applied to branches 6.4, 7.0, 7.2, 7.4, master, and new releases of 6.4.6, 7.4.4 and 7.6.0

  • Note that these vulnerabilities do not affect SWIG MapScript support, and this ticket should be a strong hint to all users and packagers to switch to the maintained SWIG MapScript PHP7 support.

@jmckenna
Copy link
Member Author

jmckenna commented Mar 21, 2020

Fixed in 7.4.4 and 6.4.6 releases.

@sdlime
Copy link
Member

sdlime commented Mar 24, 2020

This issue addresses:

CVE-2020-10872: A buffer overflow in PHP/MapScript exception handling in MapServer through 7.4 could result in denial of service or remote code execution.

CVE-2020-10873: PHP/MapScript exception handling in MapServer through 7.4 could result in leaking values from the stack because of a double vsprintf call.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants