Date: Mon, 18 May 2015 01:35:11 -0700
From: Stanislav Malyshev <smalyshev@...il.com>
To: Andrea Palazzo <andrea.palazzo@...el.it>, cve-assign@...re.org
CC: oss-security@...ts.openwall.com, security@....net
Subject: Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption

Hi!

> Hi everyone,
> this is intended as CVE Request and advisory for
> https://bugs.php.net/bug.php?id=69403.

I do not think this requires a CVE as this needs specially crafted PHP
script (i.e. local access or ability to run arbitrary PHP code) and
memory settings allowing to allocate huge (>4G) values, which seems to
be unlikely to happen on a common production system. I am not sure how
remote code execution vector can be provided for this issue, if you have
an example, please clarify.

Thanks,
--
Stas Malyshev
smalyshev@...il.com