oss-sec mailing list archives
[CVE Request] Multiple vulnerabilities in PHP's Phar handling
From: Emmanuel Law <emmanuel.law () gmail com>
Date: Fri, 17 Apr 2015 03:11:27 +0800
This serves as a cve request + advisory. --------Background--------- PHP has the built-in Phar & PharData functionality since 5.3.0. It allows developers to use them to manipulate the following archive types: tar, zip, phar. Serveral vulnerabilities were found in the Phar extenion. [1: CVE Request] There is a stack based buffer overflow when opening tar, zip or phar archives through the Phar extension. An attacker and exploit this to run arbitrary code. Affected versions: PHP < 5.6.8RC1 Bug Report: https://bugs.php.net/bug.php?id=69441 Patch: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c Please assign a CVE for this. [2: Advisory for CVE-2015-2783] When processing a specially crafted phar file, it is possible to trigger a buffer over-read in PHP's unserialize function. An attacker can exploit this to dump memory info leak on the system. Affected versions: PHP < 5.6.8RC1 Bug Report: https://bugs.php.net/bug.php?id=69324 Patch: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae rgds, Emmanuel
Current thread:
- [CVE Request] Multiple vulnerabilities in PHP's Phar handling Emmanuel Law (Apr 16)
- Re: [CVE Request] Multiple vulnerabilities in PHP's Phar handling cve-assign (Apr 17)