Date: Wed, 18 Mar 2015 20:19:26 +1300 From: Emmanuel Law <emmanuel.law@...il.com> To: oss-security@...ts.openwall.com, cve-assign@...re.org Subject: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Hi, found an integer overflow in PHP. When processing a malform zip file with many entires, it leads to a heap overflow. Affected Version <= PHP 5.6.6 Bug Report: https://bugs.php.net/bug.php?id=69253 Patch: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Could you please assign a CVE-ID for it? Thanks, Emmanuel
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ