oss-sec mailing list archives
Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability
From: Pierre Joye <pierre.php () gmail com>
Date: Wed, 30 Jun 2010 21:33:45 +0200
hi, On Wed, Jun 30, 2010 at 9:27 PM, Josh Bressers <bressers () redhat com> wrote:
----- "Péter Veres" <moltesalt () gmail com> wrote:Hi Steve, PHP’s strrchr() function can be interrupted and used for information leakage due to call time pass by reference. Could you allocate a CVE id for this issue?Do you have some sort of reference for this? I'm not finding anything in the usual places. I'll assign an ID once I have more information.
Correct me if I'm wrong but it looks to me that it is related to the MOPS 18-40, which are actually the same issue. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Péter Veres (Jun 30)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Josh Bressers (Jun 30)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Pierre Joye (Jun 30)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Josh Bressers (Jun 30)