oss-sec mailing list archives

Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption

From: Stanislav Malyshev <smalyshev () gmail com>
Date: Mon, 18 May 2015 01:35:11 -0700

Hi!

Hi everyone,
this is intended as CVE Request and advisory for
https://bugs.php.net/bug.php?id=69403.


I do not think this requires a CVE as this needs specially crafted PHP
script (i.e. local access or ability to run arbitrary PHP code) and
memory settings allowing to allocate huge (>4G) values, which seems to
be unlikely to happen on a common production system. I am not sure how
remote code execution vector can be provided for this issue, if you have
an example, please clarify.

Thanks,
-- 
Stas Malyshev
smalyshev () gmail com

Current thread:

CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 18)
- Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 18)
  - Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 18)
    - Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 18)
    - Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 19)
    - Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 19)
    - Re: Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Dennis (May 19)