PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*
- < 8.1.31
- < 8.2.26
- < 8.3.14
A buffer overread vulnerability has been identified in PHP versions 8.1.* prior to 8.1.31, 8.2.* prior to 8.2.26, and 8.3.* prior to 8.3.14. The issue arises in the convert.quoted-printable-decode filter, where certain data can cause a buffer overread by one byte. This vulnerability can lead to crashes or the unintentional disclosure of memory content from other areas.
Exploitation of this vulnerability causes a segmentation fault, as reported by AddressSanitizer, indicating a memory access violation. This suggests a memory read overrun or a use-after-free condition in the affected filter. The vulnerability allows an attacker to extract a single byte of data from the heap, potentially leading to information leakage, or to cause a denial of service by crashing the PHP process.
The vulnerability can be reproduced by processing input through the convert.quoted-printable-decode filter in a PHP script. This can be done by using the php://filter stream to apply the filter to a file or data stream. AddressSanitizer can be used to detect the memory overread, which results in a segmentation fault when the crafted input is processed.
Users can upgrade to PHP versions 8.1.31, 8.2.26, or 8.3.14 to address this vulnerability.
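The following triage helper is an added example, not part of the advisory or of PHP itself: it checks a PHP version string against the affected ranges listed above and flags source lines that name the convert.quoted-printable-decode filter. The function names, priority labels and sample PHP source are assumptions made for illustration.

```python
import re

# Fixed patch release per branch, taken from the advisory text above.
FIXED = {(8, 1): 31, (8, 2): 26, (8, 3): 14}

# The filter name as it appears in php://filter URLs and in
# stream_filter_append()/stream_filter_prepend() arguments.
FILTER_RE = re.compile(r"convert\.quoted-printable-decode", re.IGNORECASE)


def is_affected(version: str) -> bool:
    """True if an upstream PHP version string falls in an affected range.

    Only the leading major.minor.patch is compared; suffixes such as
    "-1ubuntu1" or "RC1" are ignored. Distribution packages may carry a
    backported fix under an older number, so confirm with the vendor changelog.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognized PHP version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    # Branches the advisory does not list are reported as not affected here.
    return fixed_patch is not None and patch < fixed_patch


def find_filter_uses(source: str) -> list[tuple[int, str]]:
    """Return (line_number, line) for each line naming the affected filter."""
    return [(n, line.strip())
            for n, line in enumerate(source.splitlines(), start=1)
            if FILTER_RE.search(line)]


def triage(version: str, source: str) -> str:
    """Hypothetical priority label: affected hosts that use the filter go first."""
    if not is_affected(version):
        return "ok"
    return "patch-now" if find_filter_uses(source) else "patch"


# Constructed sample PHP source (not from the advisory).
SAMPLE_PHP = """<?php
$fp = fopen('php://filter/read=convert.quoted-printable-decode/resource=' . $path, 'r');
stream_filter_append($out, 'convert.base64-encode');
stream_filter_append($in, 'convert.quoted-printable-decode', STREAM_FILTER_READ);
"""

if __name__ == "__main__":
    for v in ("8.1.30", "8.2.26", "8.3.13-1ubuntu1", "8.4.1"):
        print(v, is_affected(v), triage(v, SAMPLE_PHP))
```

An affected version is always reported for patching; the source scan only raises the priority when the filter is named in the scanned code.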