oss-sec mailing list archives
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900)
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 6 Dec 2010 15:56:46 -0700
* [2010-12-06 16:26:38 -0500] Steven M. Christey wrote:
CVE-2010-4409 was just assigned by MITRE for this issue.
Awesome. Thanks Steve.
On Mon, 6 Dec 2010, Vincent Danen wrote:I haven't seen a CVE request for this already, and can't find a CVE name if one has been assigned. CERT has a bulletin up regarding a DoS in the getSymbol() function (integer overflow vulnerability): http://www.kb.cert.org/vuls/id/479900 http://svn.php.net/viewvc?view=revision&revision=305571 http://php.net/manual/en/numberformatter.getsymbol.php
--Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Vincent Danen (Dec 06)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Steven M. Christey (Dec 06)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Vincent Danen (Dec 06)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger (Dec 07)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Maksymilian Arciemowicz (Dec 07)
- Re: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger (Dec 08)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Maksymilian Arciemowicz (Dec 08)
- Re: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger (Dec 08)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Maksymilian Arciemowicz (Dec 07)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Steven M. Christey (Dec 06)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger (Dec 09)