Date: Mon, 18 May 2015 01:35:11 -0700
From: Stanislav Malyshev <>
To: Andrea Palazzo <>,
Subject: Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based
 memory corruption


> Hi everyone,
> this is intended as CVE Request and advisory for

I do not think this requires a CVE as this needs a specially crafted PHP
script (i.e. local access or ability to run arbitrary PHP code) and
memory settings that allow allocating huge (>4G) values, which seems to
be unlikely to happen on a common production system. I am not sure how
a remote code execution vector can be provided for this issue; if you have
an example, please clarify.

Stas Malyshev
