Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Dec 2015 23:29:54 +1300
From: Emmanuel Law <emmanuel.law@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Cc: security@....net
Subject: CVE Request: Use after free in PHP Collator::sortWithSortKeys function

Hi,

I reported a use after free in PHP's Intl extension. The vulnerability is
in Collator::sortWithSortKeys function. Only Php 7.0.0 is affected.

https://bugs.php.net/bug.php?id=71020

This can potentially be remotely exploitable if the sorting function is
called on a user supplied array.

Not sure If this is CVE worthy. But if so, please assign it one.

Thanks.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ