[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Sep 2015 08:03:20 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>,
cve-assign@...re.org
Subject: Re: CVE Request: more php unserializing issues
Hm,
forgot to cc cve-assign
On Wed, Aug 19, 2015 at 11:49:45AM +0200, Marcus Meissner wrote:
> Hi,
>
> I am not sure these have CVE ids yet:
>
> https://bugs.php.net/bug.php?id=70068
> Dangling pointer in the unserialization of ArrayObject items
> impact: remote code execution
>
>
> https://bugs.php.net/bug.php?id=70166
> https://bugs.php.net/bug.php?id=70155 (dup)
> Use After Free Vulnerability in unserialize() with SPLArrayObject
>
> https://bugs.php.net/bug.php?id=70168
> Use After Free Vulnerability in unserialize() with SplObjectStorage
>
> https://bugs.php.net/bug.php?id=70169
> Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
>
>
> These look like they can be exploited for code execution.
>
>
> https://bugs.php.net/bug.php?id=70019
> Files extracted from archive may be placed outside of destination directory
>
> (indirect reference also https://msisac.cisecurity.org/advisories/2015/2015-091.cfm
> and the php release notes
> http://php.net/ChangeLog-5.php#5.4.44
> http://php.net/ChangeLog-5.php#5.5.28
> http://php.net/ChangeLog-5.php#5.6.12
> )
>
> Ciao, Marcus
>
--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@...e.de>
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
