Date: Wed, 18 Mar 2015 04:55:12 -0400 (EDT)
From: cve-assign@...re.org
To: emmanuel.law@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary

> https://bugs.php.net/bug.php?id=69253
> https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5

> PHP <= 5.6.6 has an integer overflow vulnerability when opening a
> ZipArchive with a large number of entries. This results in writing
> past the heap boundary and crashing PHP.

Use CVE-2015-2331.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
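
The bug class described in the quoted report, shown from the defensive side as an added example (not code from the original message, from PHP, or from the referenced commit): an untrusted ZIP entry count is validated before it is used to size a heap array. It goes slightly beyond the report by also checking the count against the central directory size; `struct entry`, `alloc_entries` and the return codes are hypothetical names, and the 46-byte figure is the fixed part of a ZIP central directory file header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical in-memory record for one archive entry. */
struct entry {
    uint64_t offset;
    uint64_t comp_size;
    uint64_t uncomp_size;
    char *name;
};

/* Fixed-size part of a ZIP central directory file header
 * (empty name, extra field and comment). */
#define CDIR_HEADER_MIN 46u

enum { ENTRIES_OK = 0, ENTRIES_TOO_MANY = -1,
       ENTRIES_INCONSISTENT = -2, ENTRIES_NOMEM = -3 };

/* Validate an untrusted entry count before sizing the heap array.
 * nentry and cdir_size are the values read from the archive's
 * end-of-central-directory record (64-bit so ZIP64 counts fit). */
int alloc_entries(uint64_t nentry, uint64_t cdir_size, struct entry **out)
{
    *out = NULL;

    /* 1. nentry * sizeof(struct entry) must fit in size_t. If it wraps,
     *    the allocation is too small and filling it writes past the heap
     *    buffer. */
    if (nentry > SIZE_MAX / sizeof(struct entry))
        return ENTRIES_TOO_MANY;

    /* 2. The directory must be big enough to hold that many headers. */
    if (nentry > cdir_size / CDIR_HEADER_MIN)
        return ENTRIES_INCONSISTENT;

    if (nentry == 0)
        return ENTRIES_OK;          /* empty archive, nothing to allocate */

    /* calloc also checks the multiplication, as a second line of defence. */
    *out = calloc((size_t)nentry, sizeof(struct entry));
    return *out ? ENTRIES_OK : ENTRIES_NOMEM;
}
```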
