oss-sec mailing list archives

Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary


From: Emmanuel Law <emmanuel.law () gmail com>
Date: Thu, 19 Mar 2015 09:24:47 +1300

It covers both PHP and libzip.

I realised libzip was vulnerable only after the Request for CVE. My bad :(

Either way I've informed upstream libzip about the issue.

On Thu, Mar 19, 2015 at 9:24 AM, Timo Warns <Timo.Warns () gmail com> wrote:

On 2015-03-18, cve-assign () mitre org wrote:

https://bugs.php.net/bug.php?id=69253

https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5

PHP <= 5.6.6 has an integer overflow vulnerability when opening a
ZipArchive with a large number of entries. This results in writing
past the heap boundary and crashing PHP.

Use CVE-2015-2331.

Can you please clarify the scope of CVE-2015-2331? Does it only cover
the vulnerability in PHP or does it also cover upstream libzip?

Thanks, Timo

