oss-sec mailing list archives
Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability
From: Péter Veres <moltesalt () gmail com>
Date: Thu, 1 Jul 2010 21:16:02 +0200
2010/6/30 Josh Bressers <bressers () redhat com>
> ----- "Péter Veres" <moltesalt () gmail com> wrote:
>> Hi Steve,
>>
>> PHP’s strrchr() function can be interrupted and used for information leakage due to call time pass by reference. Could you allocate a CVE id for this issue?
>
> Do you have some sort of reference for this? I'm not finding anything in the usual places. I'll assign an ID once I have more information.
>
> Thanks.
>
> --
> JB

Fixed in the upstream. 5.3.3 RC1 not affected. 5.2 branch vulnerable. http://svn.php.net/viewvc?view=revision&revision=300916