oss-sec mailing list archives
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary
From: cve-assign () mitre org
Date: Wed, 18 Mar 2015 04:55:12 -0400 (EDT)
https://bugs.php.net/bug.php?id=69253
https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
PHP <= 5.6.6 has an integer overflow vulnerability when opening a ZipArchive with a large number of entries. This results in writing past the heap boundary and crashing PHP.
Use CVE-2015-2331.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
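The bug class described in the message above, as an added example that is not part of the original post and is not PHP or libzip source: an entry count taken from the archive is multiplied by a record size to get an allocation size, and the product wraps. The `struct entry` layout, the function names and the plausibility bound against the central directory length are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical in-memory entry record; the 64-byte size is an assumption. */
struct entry { unsigned char meta[64]; };

/* Fixed part of a ZIP central directory file header, in bytes. */
#define CDH_MIN_SIZE 46u

/* What a 32-bit size_t computes for nentry * entry_size with no check.
 * uint32_t models the 32-bit size_t so the result is the same on any host. */
uint32_t unchecked_size32(uint64_t nentry, uint32_t entry_size)
{
    return (uint32_t)nentry * entry_size;   /* wraps modulo 2^32 */
}

/* Checked size: returns 0 and sets *out, or -1 if the product cannot be
 * represented in size_t. */
int checked_size(uint64_t nentry, size_t entry_size, size_t *out)
{
    if (entry_size == 0 || nentry > SIZE_MAX / entry_size)
        return -1;
    *out = (size_t)nentry * entry_size;
    return 0;
}

/* Allocate the entry table for an archive whose central directory is
 * cd_size bytes long. A directory of cd_size bytes cannot describe more
 * than cd_size / 46 entries, so larger counts are rejected up front. */
struct entry *alloc_entries(uint64_t nentry, uint64_t cd_size)
{
    size_t bytes;

    if (nentry == 0 || nentry > cd_size / CDH_MIN_SIZE)
        return NULL;                        /* count is not plausible */
    if (checked_size(nentry, sizeof(struct entry), &bytes) != 0)
        return NULL;                        /* size would overflow */
    return malloc(bytes);
}
```

With a count of 0x04000001 and 64-byte records the unchecked 32-bit product is 64 bytes, so a loop that then fills one record per claimed entry writes far past the end of the allocation.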