CVE-2024-8929 mysqlnd: Leak partial content of the heap through heap buffer over-read

[remicollet]

Fix not backported from 8.1.31

• php/php-src@2f5aa9f
• php/php-src@32f905f

The fix did not apply safely, need some adaptations, and raise segfault in test suite, so more work needed.

Notice: this security flaw requires a specially crafted answer from the server, so is very unlikely to be exploitable in a sane env (using a trusted server)/

[remicollet]

Help welcome if someone have time to work on this, perhaps @bukka may help (despite he is usually very busy)

[bukka]

I don't understand. The fix was developed against 8.1 and pipeline was green: https://github.com/php/php-src/actions/runs/11916010048/job/33207651714 . What segfault are your referring to?

[bukka]

Also PHP-8.1 branch is green: https://github.com/php/php-src/tree/PHP-8.1

[bukka]

Oh, you are talking about older branches.

[bukka]

I'm not sure if I can use my foundation time on this and unfortunately way too busy in my free time.

[bukka]

I will discuss this kind of support for PHP older branches during our meeting on Monday and let you know then.

[remicollet]

Applied (and adapted) in 8.0 branch

=====================================================================
Number of tests :  433               397
Tests skipped   :   36 (  8.3%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    0 (  0.0%) (  0.0%)
Expected fail   :    3 (  0.7%) (  0.8%)
Tests passed    :  394 ( 91.0%) ( 99.2%)
---------------------------------------------------------------------
Time taken      :  139 seconds
=====================================================================

For memory, 69853e1 was needed to avoid segfault (from 8.1)

[remicollet]

Also applied and adapted for 7.4

=====================================================================
Number of tests :  436               393
Tests skipped   :   43 (  9.9%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    0 (  0.0%) (  0.0%)
Expected fail   :    3 (  0.7%) (  0.8%)
Tests passed    :  390 ( 89.4%) ( 99.2%)
---------------------------------------------------------------------
Time taken      :  114 seconds
=====================================================================

[remicollet]

Also applied and adapted for 7.3

=====================================================================
Number of tests :  428               389
Tests skipped   :   39 (  9.1%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    0 (  0.0%) (  0.0%)
Expected fail   :    3 (  0.7%) (  0.8%)
Tests passed    :  386 ( 90.2%) ( 99.2%)
---------------------------------------------------------------------
Time taken      :  100 seconds
=====================================================================

Not planed for older versions for now