Date: Mon, 18 May 2015 01:35:11 -0700 From: Stanislav Malyshev <smalyshev@...il.com> To: Andrea Palazzo <andrea.palazzo@...el.it>, cve-assign@...re.org CC: oss-security@...ts.openwall.com, security@....net Subject: Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Hi! > Hi everyone, > this is intended as CVE Request and advisory for > https://bugs.php.net/bug.php?id=69403. I do not think this requires a CVE as this needs specially crafted PHP script (i.e. local access or ability to run arbitrary PHP code) and memory settings allowing to allocate huge (>4G) values, which seems to be unlikely to happen on a common production system. I am not sure how remote code execution vector can be provided for this issue, if you have an example, please clarify. Thanks, -- Stas Malyshev smalyshev@...il.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.