• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Serious bug in PHP reported!

RJARRRPCGP

RJARRRPCGP

Joined
Oct 15, 2011
Messages
1,997 (0.44/day)
Location
Springfield, Vermont
System Specs
System Name KHR-1
Processor Ryzen 9 5900X
Motherboard ASRock B550 PG Velocita (UEFI-BIOS P3.40)
Memory 32 GB G.Skill RipJawsV F4-3200C16D-32GVR
Video Card(s) Sapphire Nitro+ Radeon RX 6750 XT
Storage Western Digital Black SN850 1 TB NVMe SSD
Display(s) Alienware AW3423DWF OLED-ASRock PG27Q15R2A (backup)
Case Corsair 275R
Audio Device(s) Technics SA-EX140 receiver with Polk VT60 speakers
Power Supply eVGA Supernova G3 750W
Mouse Logitech G Pro (Hero)
Software Windows 11 Pro x64 23H2
I just saw this:

 
W1zzard

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,058 (3.71/day)
System Specs
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
RJARRRPCGP

RJARRRPCGP

Joined
Oct 15, 2011
Messages
1,997 (0.44/day)
Location
Springfield, Vermont
System Specs
System Name KHR-1
Processor Ryzen 9 5900X
Motherboard ASRock B550 PG Velocita (UEFI-BIOS P3.40)
Memory 32 GB G.Skill RipJawsV F4-3200C16D-32GVR
Video Card(s) Sapphire Nitro+ Radeon RX 6750 XT
Storage Western Digital Black SN850 1 TB NVMe SSD
Display(s) Alienware AW3423DWF OLED-ASRock PG27Q15R2A (backup)
Case Corsair 275R
Audio Device(s) Technics SA-EX140 receiver with Polk VT60 speakers
Power Supply eVGA Supernova G3 750W
Mouse Logitech G Pro (Hero)
Software Windows 11 Pro x64 23H2
W1zzard said:
How about a link to a textual representation of the issue? https://nvd.nist.gov/vuln/detail/CVE-2024-2961

Seems the problem is glibc, not PHP

Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)

Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)
garrettmills.dev garrettmills.dev
Click to expand...
Yes, I didn't say that the origin is actually glibc, mea culpa.

Currently, it looks like glibc <2.40 is affected.

But, Garrett Mills reports <2.39, so a bunch possibly avoided a "web-site-mageddon".

I saw this:

CVE Website

www.cve.org www.cve.org

Even that one still says <2.40!
 
Last edited:
W1zzard

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,058 (3.71/day)
System Specs
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
I also doubt that many people are using this specific Chinese encoding .. we certainly don't

For shared hosting where you can upload your own PHP code, this could be interesting though, assuming they run their PHP as root, not in a container, which no sane host should ever do
 
You must log in or register to reply here.
Top