oss-sec mailing list archives
Re: [CVE Request] Multiple vulnerabilities in PHP's Phar handling
From: cve-assign () mitre org
Date: Fri, 17 Apr 2015 16:39:57 -0400 (EDT)
There is a stack-based buffer overflow when opening tar, zip or phar archives through the Phar extension. An attacker can exploit this to run arbitrary code.

Affected versions: PHP < 5.6.8RC1
Bug Report: https://bugs.php.net/bug.php?id=69441
Patch: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c

Use CVE-2015-3329.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- [CVE Request] Multiple vulnerabilities in PHP's Phar handling Emmanuel Law (Apr 16)
- Re: [CVE Request] Multiple vulnerabilities in PHP's Phar handling cve-assign (Apr 17)