oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability

From: Péter Veres <moltesalt () gmail com>
Date: Thu, 1 Jul 2010 21:16:02 +0200
2010/6/30 Josh Bressers <bressers () redhat com>



----- "Péter Veres" <moltesalt () gmail com> wrote:


Hi Steve,

PHP’s strrchr() function can be interrupted and used for information
leakage due to call time pass by reference.

Could you allocate a CVE id for this issue?



Do you have some sort of reference for this? I'm not finding anything in
the
usual places.

I'll assign an ID once I have more information.

Thanks.

--
    JB




Fixed in the upstream.
5.3.3 RC1 not affected.
5.2 branch vulnerable.

http://svn.php.net/viewvc?view=revision&revision=300916
Previous By Date Next
Previous By Thread Next

Current thread: