oss-sec mailing list archives
CVE Request: more php unserializing issues
From: Marcus Meissner <meissner () suse de>
Date: Wed, 19 Aug 2015 11:49:45 +0200
Hi, I am not sure these have CVE ids yet: https://bugs.php.net/bug.php?id=70068 Dangling pointer in the unserialization of ArrayObject items impact: remote code execution https://bugs.php.net/bug.php?id=70166 https://bugs.php.net/bug.php?id=70155 (dup) Use After Free Vulnerability in unserialize() with SPLArrayObject https://bugs.php.net/bug.php?id=70168 Use After Free Vulnerability in unserialize() with SplObjectStorage https://bugs.php.net/bug.php?id=70169 Use After Free Vulnerability in unserialize() with SplDoublyLinkedList These look like they can be exploited for code execution. https://bugs.php.net/bug.php?id=70019 Files extracted from archive may be placed outside of destination directory (indirect reference also https://msisac.cisecurity.org/advisories/2015/2015-091.cfm and the php release notes http://php.net/ChangeLog-5.php#5.4.44 http://php.net/ChangeLog-5.php#5.5.28 http://php.net/ChangeLog-5.php#5.6.12 ) Ciao, Marcus
Current thread:
- CVE Request: more php unserializing issues Marcus Meissner (Aug 19)
- Re: CVE Request: more php unserializing issues Marcus Meissner (Aug 31)
- Re: CVE Request: more php unserializing issues Marcus Meissner (Aug 31)
- Re: CVE Request: more php unserializing issues cve-assign (Sep 08)