oss-sec mailing list archives
Re: CVE request: NULL ptr deref in php
From: cve-assign () mitre org
Date: Thu, 5 Feb 2015 08:33:33 -0500 (EST)
> couldn't find a CVE for https://bugs.php.net/bug.php?id=68545

Does a crash triggered by an unserialize argument cross privilege boundaries in typical cases? http://php.net/manual/function.unserialize.php says

  Do not pass untrusted user input to unserialize(). Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this.

In the past, there have been CVEs for remote code execution that rely on an untrusted unserialize argument, e.g., CVE-2014-3669 and CVE-2014-8142. These may be important for attacks against some types of restricted environments.

CVE inclusion for unserialize crashes could potentially be handled differently. For example, is it common for a PHP application to accept some untrusted unserialize arguments but not arbitrary untrusted unserialize arguments, with a decision process that would accept the https://bugs.php.net/bug.php?id=68545 example argument, because static analysis could prove that that argument is safe with respect to code execution? If not, then (at least for crash situations) perhaps it would be better to focus on CVE assignments at the application level for applications that are inconsistent with the "Do not pass untrusted user input to unserialize()" documentation.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
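The message asks whether an application could run a decision process that accepts only unserialize arguments that are safe with respect to code execution. A sketch of such a pre-filter, as an added example that is not part of the original message or of PHP itself: it walks a PHP-serialized byte string and accepts only scalars and arrays. The function names, the depth cap and the sample inputs are assumptions made for this example.

```python
import re

MAX_DEPTH = 32  # assumption: nesting cap chosen for this example
_INT = re.compile(rb'i:[+-]?\d{1,19};')
_SCALAR = re.compile(rb'N;|b:[01];|i:[+-]?\d{1,19};|d:[-+.\deE]{1,40};')
_STR = re.compile(rb's:(\d{1,9}):"')
_ARR = re.compile(rb'a:(\d{1,9}):\{')

# Constructed sample inputs (not taken from the PHP bug report).
SAMPLE_PLAIN = b'a:2:{i:0;s:5:"hello";s:1:"k";a:1:{i:0;b:1;}}'
SAMPLE_OBJECT = b'a:1:{i:0;O:8:"stdClass":0:{}}'

class Rejected(ValueError):
    """Input is malformed or uses a token outside the scalar/array allowlist."""

def _string(buf, pos):
    """Return the offset after an s:len:"..."; token, or None if not a string."""
    m = _STR.match(buf, pos)
    if not m:
        return None
    end = m.end() + int(m.group(1))  # the declared length counts bytes
    if buf[end:end + 2] != b'";':
        raise Rejected("string length does not match data at offset %d" % pos)
    return end + 2

def _value(buf, pos, depth):
    """Return the offset after one allowlisted value starting at pos."""
    if depth > MAX_DEPTH:
        raise Rejected("nesting deeper than %d" % MAX_DEPTH)
    m = _SCALAR.match(buf, pos)
    if m:
        return m.end()
    end = _string(buf, pos)
    if end is not None:
        return end
    m = _ARR.match(buf, pos)
    if not m:  # O:, C:, r:, R: and anything unknown end up here
        raise Rejected("token not on allowlist at offset %d" % pos)
    pos = m.end()
    for _ in range(int(m.group(1))):  # each entry is a key followed by a value
        k = _INT.match(buf, pos)
        pos = k.end() if k else _string(buf, pos)
        if pos is None:
            raise Rejected("array key must be an int or a string")
        pos = _value(buf, pos, depth + 1)
    if buf[pos:pos + 1] != b'}':
        raise Rejected("array not closed at offset %d" % pos)
    return pos + 1

def is_scalar_or_array_only(data: bytes) -> bool:
    """True only if data is exactly one value built from scalars and arrays."""
    try:
        return _value(data, 0, 0) == len(data)
    except Rejected:
        return False
```

Passing this check only rules out object instantiation; the accepted string is still parsed by unserialize(), so it says nothing about crash bugs in the parser itself.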
Current thread:
- CVE request: NULL ptr deref in php Johannes Segitz (Feb 04)
- Re: CVE request: NULL ptr deref in php cve-assign (Feb 05)