oss-sec mailing list archives
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900)
From: Pierre Joye <pierre.php () gmail com>
Date: Wed, 8 Dec 2010 08:56:02 +0100
hi, The CVE # has been added to the changes log too. http://svn.php.net/viewvc?view=revision&revision=306036 On Mon, Dec 6, 2010 at 6:15 PM, Vincent Danen <vdanen () redhat com> wrote:
I haven't seen a CVE request for this already, and can't find a CVE name if one has been assigned. CERT has a bulletin up regarding a DoS in the getSymbol() function (integer overflow vulnerability): http://www.kb.cert.org/vuls/id/479900 http://svn.php.net/viewvc?view=revision&revision=305571 http://php.net/manual/en/numberformatter.getsymbol.php Only affects PHP 5.3.x and probably PECL intl >= 1.0.0 as those are the only versions with that function. Does anyone know if a CVE has been assigned to this? If not, could one be assigned? -- Vincent Danen / Red Hat Security Response Team
-- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Vincent Danen (Dec 06)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Steven M. Christey (Dec 06)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Vincent Danen (Dec 06)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger (Dec 07)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Maksymilian Arciemowicz (Dec 07)
- Re: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger (Dec 08)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Maksymilian Arciemowicz (Dec 08)
- Re: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger (Dec 08)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Maksymilian Arciemowicz (Dec 07)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Steven M. Christey (Dec 06)
- Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger (Dec 09)