Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Jan 2015 04:44:02 +1100
From: Joshua Rogers <>
Subject: CVE Request: PHP int overflow


I found an integer overflow in PHP, in the conversation of dates to
"Julian Day Count" function.

The commit, with a PoC can be found here:

It seems to affect every version of PHP compiled with the calendar
The vulnerable code was commited in
3bc8debefe30aec801ee75878eba3ab6be00f301, at
 Sat Apr 15 20:35:09 2000 +0000

Could I get a CVE-ID for this?

-- Joshua Rogers <>

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ