oss-sec mailing list archives
Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability
From: Josh Bressers <bressers () redhat com>
Date: Fri, 2 Jul 2010 14:47:31 -0400 (EDT)
----- "Péter Veres" <moltesalt () gmail com> wrote:
> 2010/6/30 Josh Bressers <bressers () redhat com>
>> ----- "Péter Veres" <moltesalt () gmail com> wrote:
>>> Hi Steve,
>>>
>>> PHP’s strrchr() function can be interrupted and used for information
>>> leakage due to call time pass by reference.
>>>
>>> Could you allocate a CVE id for this issue?
>>
>> Do you have some sort of reference for this? I'm not finding anything in
>> the usual places. I'll assign an ID once I have more information.
>
> Fixed in the upstream. 5.3.3 RC1 not affected. 5.2 branch vulnerable.
>
> http://svn.php.net/viewvc?view=revision&revision=300916

Please use CVE-2010-2484

Thanks.

--
JB
Current thread:
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Péter Veres (Jul 01)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Josh Bressers (Jul 02)