Date: Tue, 22 Dec 2015 23:29:54 +1300 From: Emmanuel Law <emmanuel.law@...il.com> To: oss-security@...ts.openwall.com, cve-assign@...re.org Cc: security@....net Subject: CVE Request: Use after free in PHP Collator::sortWithSortKeys function Hi, I reported a use after free in PHP's Intl extension. The vulnerability is in Collator::sortWithSortKeys function. Only Php 7.0.0 is affected. https://bugs.php.net/bug.php?id=71020 This can potentially be remotely exploitable if the sorting function is called on a user supplied array. Not sure If this is CVE worthy. But if so, please assign it one. Thanks.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ