Date: Wed, 21 Jan 2015 04:44:02 +1100 From: Joshua Rogers <oss@...ernot.info> To: oss-security@...ts.openwall.com Subject: CVE Request: PHP int overflow Hi, I found an integer overflow in PHP, in the conversation of dates to "Julian Day Count" function. The commit, with a PoC can be found here: https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1 It seems to affect every version of PHP compiled with the calendar extension. The vulnerable code was commited in 3bc8debefe30aec801ee75878eba3ab6be00f301, at Sat Apr 15 20:35:09 2000 +0000 Could I get a CVE-ID for this? Thanks, -- -- Joshua Rogers <https://internot.info/> [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ