oss-sec mailing list archives
CVE Request - PECL-HTTP 3.0.0 Buffer overflow
From: _rc0r <hlt99 () blinkenshell org>
Date: Wed, 29 Jun 2016 08:28:23 +0200
Hi list, hi CVE assignment team,

back in March a buffer overflow was discovered in URL parsing functions of the PECL HTTP extension. The bug allowed a partial overwrite of a callback function pointer possibly leading to execution of arbitrary code.

For the original bug report to the PHP bug tracker, please see:
https://bugs.php.net/bug.php?id=71719

This flaw was fixed in commit [3724cd7]
https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5
and was included in PECL-HTTP 3.0.1 that was released the same day:
https://pecl.php.net/package/pecl_http/3.0.1

Cheers