oss-sec mailing list archives
CVE-2010-0397: NULL pointer dereference in PHP's xmlrpc extension
From: Raphael Geissert <geissert () debian org>
Date: Fri, 12 Mar 2010 12:58:56 -0600
Hi,

At http://bugs.debian.org/573573 a NULL pointer dereference has been reported in the xmlrpc extension, in a call to estrdup[1]. This bug can at least be used to perform DoS attacks.

Looking at the code, I can see multiple, similarly affected, calls.

For tracking purposes (and hoping nobody else has run and assigned one themselves) I've assigned CVE-2010-0397.

[1] Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));

Kind regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
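The pattern in [1], shown next to a checked variant, as an added example that is not part of the original message and is not PHP's or xmlrpc-epi's code. The type `request_t` and all function names are hypothetical stand-ins, and the sample requests are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed XML-RPC message (not the xmlrpc-epi type). */
typedef struct {
    const char *method_name;  /* NULL when the message carries no method name */
} request_t;

/* Stand-in for a getter such as XMLRPC_RequestGetMethodName(): may return NULL. */
static const char *request_get_method_name(const request_t *req) {
    return req->method_name;
}

/* Stand-in for a strdup-style helper that reads its argument without a
 * NULL check: strlen() on a NULL pointer is the dereference. */
static char *dup_unchecked(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Same shape as [1]: the getter's result goes straight into the copy.
 * A message without a method name makes this dereference NULL. */
char *method_name_unchecked(const request_t *req) {
    return dup_unchecked(request_get_method_name(req));
}

/* Checked variant: 0 and *out set on success, -1 on missing name or OOM. */
int method_name_checked(const request_t *req, char **out) {
    const char *name = request_get_method_name(req);
    *out = NULL;
    if (name == NULL)
        return -1;            /* caller reports a malformed request instead */
    *out = dup_unchecked(name);
    return *out ? 0 : -1;
}

int main(void) {
    request_t call = { "system.listMethods" };  /* constructed: normal call */
    request_t reply = { NULL };                 /* constructed: no method name */
    char *name;
    if (method_name_checked(&call, &name) == 0) { printf("method: %s\n", name); free(name); }
    if (method_name_checked(&reply, &name) != 0) puts("no method name: rejected");
    return 0;
}
```

The same check applies to each of the similarly affected calls the message mentions: any getter that can return NULL needs its result tested before it reaches a copy routine.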