oss-sec mailing list archives
Re: CVE request: format-string vulnerability in PHP Phar extension
From: Josh Bressers <bressers () redhat com>
Date: Mon, 14 Mar 2011 16:54:22 -0400 (EDT)
Please use CVE-2011-1153 for this. Thanks. -- JB ----- Original Message -----
Hi, I just found several format-string vulnerability in PHP Phar extension, a bug has been filed in the PHP bugtracker (private): http://bugs.php.net/bug.php?id=54247 On error several class methods passes the supplied argument to zend_throw_exception_ex() which prints a formatted error message using such value as the formatter string. $ sapi/cli/php ../bug.php "%08x.%08x.%08x.%08x.%08x" PHP Fatal error: Uncaught exception 'PharException' with message 'unable to open phar for reading "00000008.00000000.bf95c204.0963e050.00000014"' in /home/felipe/dev/bug.php:4 Thanks. -- Regards, Felipe Pena
Current thread:
- CVE request: format-string vulnerability in PHP Phar extension Felipe Pena (Mar 14)
- Re: CVE request: format-string vulnerability in PHP Phar extension Felipe Pena (Mar 14)
- Re: CVE request: format-string vulnerability in PHP Phar extension Josh Bressers (Mar 14)