oss-sec mailing list archives
Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath;
From: cve-assign () mitre org
Date: Sat, 18 Jul 2015 06:51:24 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Segfault in Phar::convertToData on invalid file https://bugs.php.net/bug.php?id=69958 http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
- php_stream_close(phar->fp); + if (phar->fp) { + php_stream_close(phar->fp); + }
Use CVE-2015-5589.
Buffer overflow and stack smashing error in phar_fix_filepath https://bugs.php.net/bug.php?id=69923 http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
there is no check if `newpath_len` will exceed MAXPATHLEN, which is the size of `newpath` on the stack.
Use CVE-2015-5590. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVqi70AAoJEKllVAevmvms/54H/RRluc6ErkmkBrq+DtmbGUqj YsL8AvL2GFn82tiEqsGs9+BaE9NSFYZv7Cg7fgmlWYL2TcEq6D94I1MbmaaSG9O9 R/ogWm4XWMDbeNruDGsb3y2GEvzzgdSxuDsgSKOBcR7pzw0RYIribeJM6hwfbQ9Q dG9POpslHu6fTGq7tYpTY/p5fBjuDz176AcpIzdh6hm/GvvNaNvr/cgx7ZXtaGN7 53Pqi+4YwbZbIbx4a1O4MHBmbnShbTEhhVRwvXLLwhAcvNwxocDJBLoiiYbunEVi 70bgzyiBmqSj1qYN+wp6fnUdHBloyer7Jw37bZhmU7hRGBlzh6KTE7GaODUBnE4= =OZOY -----END PGP SIGNATURE-----
Current thread:
- CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; Vasyl Kaigorodov (Jul 17)
- Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; cve-assign (Jul 18)
- Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; Tomas Hoger (Jul 21)