oss-sec mailing list archives
CVE Request: PHP int overflow
From: Joshua Rogers <oss () internot info>
Date: Wed, 21 Jan 2015 04:44:02 +1100
Hi, I found an integer overflow in PHP, in the conversation of dates to "Julian Day Count" function. The commit, with a PoC can be found here: https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1 It seems to affect every version of PHP compiled with the calendar extension. The vulnerable code was commited in 3bc8debefe30aec801ee75878eba3ab6be00f301, at Sat Apr 15 20:35:09 2000 +0000 Could I get a CVE-ID for this? Thanks, -- -- Joshua Rogers <https://internot.info/>
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE Request: PHP int overflow Joshua Rogers (Jan 20)
- Re: CVE Request: PHP int overflow cve-assign (Jan 24)