oss-sec mailing list archives
[CVE Requests] PHP issues
From: Luật Nguyễn <manhluat93.php () gmail com>
Date: Thu, 28 Apr 2016 15:12:21 +0700
Hi folks,

There are flaws of various types (heap corruption, heap overflow, uninitialized pointer) in previous versions of PHP that we might have missed.

1. Heap corruption in tar/zip/phar parser
   https://bugs.php.net/bug.php?id=71354
2. Uninitialized pointer in phar_make_dirstream()
   https://bugs.php.net/bug.php?id=71331
3. Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes
   https://bugs.php.net/bug.php?id=71637

The 2nd and 3rd may let attackers with a crafted PHAR file potentially execute code remotely without a specific PHP script.

Could we assign CVEs for these? :)

References:
http://php.net/ChangeLog-7.php
http://php.net/ChangeLog-5.php

Thank you && Regards.
Luat.