oss-sec mailing list archives
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary
From: Emmanuel Law <emmanuel.law () gmail com>
Date: Thu, 19 Mar 2015 08:31:14 +1300
Yup we realised that and notified libzip. On 19/03/2015 8:05 am, "Timo Warns" <Timo.Warns () gmail com> wrote:
On 2015-03-18, Emmanuel Law wrote:found an integer overflow in PHP. When processing a malform zip file with many entires, it leads to a heap overflow. Affected Version <= PHP 5.6.6 Bug Report: https://bugs.php.net/bug.php?id=69253 Patch:https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 This looks like it may also affect libzip upstream (http://hg.nih.at/libzip/file/fa78ab51417f/lib/zip_dirent.c) Was upstream (in copy) informed about the issue? Cheers, Timo
Current thread:
- CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary cve-assign (Mar 18)
- Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns (Mar 18)
- Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
- Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Thomas Klausner (Mar 23)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary cve-assign (Mar 18)