oss-sec mailing list archives

CVE Request: PHP int overflow

From: Joshua Rogers <oss () internot info>
Date: Wed, 21 Jan 2015 04:44:02 +1100

Hi,

I found an integer overflow in PHP, in the conversation of dates to
"Julian Day Count" function.

The commit, with a PoC can be found here:
https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1

It seems to affect every version of PHP compiled with the calendar
extension.
The vulnerable code was commited in
3bc8debefe30aec801ee75878eba3ab6be00f301, at
 Sat Apr 15 20:35:09 2000 +0000

Could I get a CVE-ID for this?

Thanks,
-- 
-- Joshua Rogers <https://internot.info/>

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE Request: PHP int overflow Joshua Rogers (Jan 20)
- Re: CVE Request: PHP int overflow cve-assign (Jan 24)