** Summary changed:
- pg_escape_bytea fails on even trivial byte content
+ php regressions with CVE-2025-1735
** Summary changed:
- php regressions with CVE-2025-1735
+ php7.x regressions with CVE-2025-1735
** Description changed:
The 7.4.3-4ubuntu2.29+esm1 appears to have broken pg_escape_bytea
function.
Any input passed to the function results in a fatal error of an escape
failure
A minimal reproduction script looks like this
<?php
// --- Configuration ---=
$dbhost = "host";
$dbport = "5432";
$dbname = "dbname";
$dbuser = "dbuser";
$dbpass = "dbpass";
// --- Connect to PostgreSQL ---
$conn = pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser
password=$dbpass");
if (!$conn) {
die("Failed to connect to PostgreSQL\n");
}
// --- Escape for BYTEA ---
$escaped = pg_escape_bytea($conn, 'test');
var_dump($escaped)
+ ?>
And the result
php test.php
PHP Fatal error: Uncaught Exception: Escape failure in test.php:19
Stack trace:
Running this in an unpatched php 7.4 docker from the php upstream project
gives
php test.php
string(10) "\x74657374"
We believe this may be a result of the fix for
https://ubuntu.com/security/CVE-2025-1735
We haven't seen this happen on 8.1.2-1ubuntu2.22 or 8.3 php versions, so
the issue appears to be limited to just php7.4
+
+ This issue also happens in php7.0 and php7.2.
+
+ php7.0 and php7.2 also have a second regression because of the use of an
undefined symbol:
+ > PHP Warning: PHP Startup: Unable to load dynamic library
'/usr/lib/php/20151012/pgsql.so' - /usr/lib/php/20151012/pgsql.so: undefined
symbol: zend_string_efree in Unknown on line 0
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2121643
Title:
php7.x regressions with CVE-2025-1735
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/2121643/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
