oss-sec mailing list archives
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption
From: Stanislav Malyshev <smalyshev () gmail com>
Date: Mon, 18 May 2015 01:35:11 -0700
Hi!
Hi everyone, this is intended as CVE Request and advisory for https://bugs.php.net/bug.php?id=69403.
I do not think this requires a CVE as this needs specially crafted PHP script (i.e. local access or ability to run arbitrary PHP code) and memory settings allowing to allocate huge (>4G) values, which seems to be unlikely to happen on a common production system. I am not sure how remote code execution vector can be provided for this issue, if you have an example, please clarify. Thanks, -- Stas Malyshev smalyshev () gmail com
Current thread:
- CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 18)
- Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 18)
- Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 18)
- Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 18)
- Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 19)
- Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 19)
- Re: Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Dennis (May 19)
- Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 18)
- Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 18)