Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 May 2015 01:35:11 -0700
From: Stanislav Malyshev <smalyshev@...il.com>
To: Andrea Palazzo <andrea.palazzo@...el.it>, cve-assign@...re.org
CC: oss-security@...ts.openwall.com, security@....net
Subject: Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based
 memory corruption

Hi!

> Hi everyone,
> this is intended as CVE Request and advisory for
> https://bugs.php.net/bug.php?id=69403.

I do not think this requires a CVE as this needs specially crafted PHP
script (i.e. local access or ability to run arbitrary PHP code) and
memory settings allowing to allocate huge (>4G) values, which seems to
be unlikely to happen on a common production system. I am not sure how
remote code execution vector can be provided for this issue, if you have
an example, please clarify.

Thanks,
-- 
Stas Malyshev
smalyshev@...il.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ