Date: Wed, 19 Aug 2015 11:49:45 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE Request: more php unserializing issues Hi, I am not sure these have CVE ids yet: https://bugs.php.net/bug.php?id=70068 Dangling pointer in the unserialization of ArrayObject items impact: remote code execution https://bugs.php.net/bug.php?id=70166 https://bugs.php.net/bug.php?id=70155 (dup) Use After Free Vulnerability in unserialize() with SPLArrayObject https://bugs.php.net/bug.php?id=70168 Use After Free Vulnerability in unserialize() with SplObjectStorage https://bugs.php.net/bug.php?id=70169 Use After Free Vulnerability in unserialize() with SplDoublyLinkedList These look like they can be exploited for code execution. https://bugs.php.net/bug.php?id=70019 Files extracted from archive may be placed outside of destination directory (indirect reference also https://msisac.cisecurity.org/advisories/2015/2015-091.cfm and the php release notes http://php.net/ChangeLog-5.php#5.4.44 http://php.net/ChangeLog-5.php#5.5.28 http://php.net/ChangeLog-5.php#5.6.12 ) Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.