Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Mar 2015 20:19:26 +1300
From: Emmanuel Law <emmanuel.law@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE Request: ZIP Integer Overflow leads to writing past heap boundary

Hi,

found an integer overflow in PHP. When processing a malform zip file with
many entires, it leads to a heap overflow.

Affected Version <= PHP 5.6.6
Bug Report: https://bugs.php.net/bug.php?id=69253
Patch:
https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5

Could you please assign a CVE-ID for it?

Thanks,

Emmanuel

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ