oss-sec mailing list archives
Re: CVE Request: PHP-5.5.33: Out-of-Bound Read in phar_parse_zipfile
From: cve-assign () mitre org
Date: Mon, 14 Mar 2016 00:31:35 -0400 (EDT)
If "PK\x05\x06" signature is located at end of `buf` variable, it will read out-of-bound `buf` variable and copy to `locator`.

https://bugs.php.net/bug.php?id=71498
https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd
Use CVE-2016-3142.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
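The missing length check described in the report, shown as an added example (not code from php-src or from either message): a scan for the "PK\x05\x06" signature that only accepts a match when the whole record still fits inside `buf` before it is copied to `locator`. The function names and the assumption that the record is the 22-byte fixed part of a ZIP end-of-central-directory record are this example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the record copied out is the 22-byte fixed part of a ZIP
 * end-of-central-directory (EOCD) record. */
#define EOCD_FIXED_LEN 22

/* Hypothetical helper: offset of the first EOCD signature whose full
 * fixed-size record lies inside buf[0..size), or -1 if there is none. */
long find_eocd(const unsigned char *buf, size_t size)
{
    static const unsigned char sig[4] = { 'P', 'K', 0x05, 0x06 };
    const unsigned char *p, *end;

    if (buf == NULL)
        return -1;
    p = buf;
    end = buf + size;
    while (p < end && (p = memchr(p, 'P', (size_t)(end - p))) != NULL) {
        /* The check the report is about: a signature sitting at the end
         * of buf must not be treated as a complete record. */
        if ((size_t)(end - p) < EOCD_FIXED_LEN)
            return -1; /* later candidates are even closer to the end */
        if (memcmp(p, sig, sizeof sig) == 0)
            return (long)(p - buf);
        p++;
    }
    return -1;
}

/* Hypothetical helper: copy the record only after it has been bounded. */
int copy_eocd(const unsigned char *buf, size_t size,
              unsigned char locator[EOCD_FIXED_LEN])
{
    long off = find_eocd(buf, size);
    if (off < 0)
        return -1;
    memcpy(locator, buf + off, EOCD_FIXED_LEN);
    return 0;
}

int main(void)
{
    /* Constructed input: signature in the last 4 bytes of a 16-byte tail. */
    unsigned char tail[16] = { 0 };
    unsigned char locator[EOCD_FIXED_LEN];
    memcpy(tail + 12, "PK\x05\x06", 4);
    printf("truncated record: %d\n", copy_eocd(tail, sizeof tail, locator));
    return 0;
}
```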
Current thread:
- CVE Request: PHP-5.5.33: Out-of-Bound Read in phar_parse_zipfile Dmitry Kasyanov (Mar 13)
- Re: CVE Request: PHP-5.5.33: Out-of-Bound Read in phar_parse_zipfile cve-assign (Mar 13)