Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Jan 2015 04:44:02 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com
Subject: CVE Request: PHP int overflow

Hi,

I found an integer overflow in PHP, in the conversation of dates to
"Julian Day Count" function.

The commit, with a PoC can be found here:
https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1

It seems to affect every version of PHP compiled with the calendar
extension.
The vulnerable code was commited in
3bc8debefe30aec801ee75878eba3ab6be00f301, at
 Sat Apr 15 20:35:09 2000 +0000

Could I get a CVE-ID for this?

Thanks,
-- 
-- Joshua Rogers <https://internot.info/>


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ