oss-sec mailing list archives
Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability
From: Josh Bressers <bressers () redhat com>
Date: Wed, 30 Jun 2010 15:27:50 -0400 (EDT)
----- "Péter Veres" <moltesalt () gmail com> wrote:
Hi Steve, PHP’s strrchr() function can be interrupted and used for information leakage due to call time pass by reference. Could you allocate a CVE id for this issue?
Do you have some sort of reference for this? I'm not finding anything in the
usual places.
I'll assign an ID once I have more information.
Thanks.
--
JB
Current thread:
- CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Péter Veres (Jun 30)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Josh Bressers (Jun 30)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Pierre Joye (Jun 30)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Josh Bressers (Jun 30)