oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900)

From: Pierre Joye <pierre.php () gmail com>
Date: Wed, 8 Dec 2010 08:56:02 +0100
hi,

The CVE # has been added to the changes log too.

http://svn.php.net/viewvc?view=revision&revision=306036

On Mon, Dec 6, 2010 at 6:15 PM, Vincent Danen <vdanen () redhat com> wrote:

I haven't seen a CVE request for this already, and can't find a CVE name
if one has been assigned.

CERT has a bulletin up regarding a DoS in the getSymbol() function
(integer overflow vulnerability):

http://www.kb.cert.org/vuls/id/479900
http://svn.php.net/viewvc?view=revision&revision=305571
http://php.net/manual/en/numberformatter.getsymbol.php

Only affects PHP 5.3.x and probably PECL intl >= 1.0.0 as those are the
only versions with that function.

Does anyone know if a CVE has been assigned to this?  If not, could one
be assigned?

--
Vincent Danen / Red Hat Security Response Team




-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Previous By Date Next
Previous By Thread Next

Current thread: