OSV-2021-455

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-455

Published

2021-02-28T00:01:13.121524Z

Modified

2022-04-13T03:04:33.633980Z

Summary

Heap-use-after-free in zend_hash_iterator_pos_ex

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31423

Crash type: Heap-use-after-free READ 1
Crash state:
zend_hash_iterator_pos_ex
ZEND_FE_FETCH_RW_SPEC_VAR_HANDLER
fuzzer_execute_ex

References

Affected packages

Type: GIT
Repo: https://github.com/php/php-src.git
Events: Introduced

1902f730ee2bda60552f34c0643e2d7b47e4fb64

Fixed

5875bf754ed4fc64a6f0b7d62734d2a816c51017

php-8.0.0

php-8.0.0RC2

php-8.0.0RC3

php-8.0.0RC4

php-8.0.0RC5

php-8.0.0beta3

php-8.0.0beta4

php-8.0.0rc1

php-8.0.1

php-8.0.1RC1

php-8.0.2

php-8.0.2RC1

php-8.0.3

php-8.0.3RC1

{
    "severity": "HIGH"
}