CVE Request: PHP remote exploits (even more)

[Marcus Meissner <meissner () suse de>]

Hi,

the last patch of PHP remote exploits have no CVEs assigned yet, but here are even more.

Please assign CVEs.

http://php.net/ChangeLog-5.php#5.4.45

        https://bugs.php.net/bug.php?id=70172   Use After Free Vulnerability in unserialize() 
                Given attacker input to unserialize() we should consider this a security issue.

        https://bugs.php.net/bug.php?id=70219   Use after free vulnerability in session deserializer
                Same.

        https://bugs.php.net/bug.php?id=70388   SOAP serialize_function_call() type confusion / RCE
                Definitely, even the summary has enough indication for me.

        https://bugs.php.net/bug.php?id=70365   yet another use-after-free vulnerability in unserialize() with 
SplObjectStorage
                I would also say this can be attacker driven, so needs a CVE.

        https://bugs.php.net/bug.php?id=70366   yet another use-after-free vulnerability in unserialize() with 
SplDoublyLinkedL
                Same.
        
        https://bugs.php.net/bug.php?id=69782   NULL pointer dereference
                Denial of service, these queries might be fed from remote.

Perhaps CVEs also for:
        https://bugs.php.net/bug.php?id=70385   Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 
bytes

        Questionable. It seems no crash was observed, so no denial of service. At most a information leak.

        https://bugs.php.net/bug.php?id=70312   HAVAL gives wrong hashes in specific cases

        Questionable. I am not sure this is attacker driveable or if an attacker could do anything with this.


        https://bugs.php.net/bug.php?id=70345

        Various PCRE issues caused by the regexp string. There has been a tendency to either declare this CVE worthy or
        declare that its not attacker driven usually.

Ciao, Marcus