Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Jun 2016 08:28:23 +0200
From: _rc0r <hlt99@...nkenshell.org>
To: <oss-security@...ts.openwall.com>
Subject: CVE Request - PECL-HTTP 3.0.0 Buffer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi list, hi CVE assignment team,

back in March a buffer overflow was discovered in url parsing
functions of the PECL HTTP extension.
The bug allowed a partial overwrite of a callback function pointer
possibly leading to execution of arbitrary code.

For the original bug report to the PHP bug tracker, please see:

https://bugs.php.net/bug.php?id=71719

This flaw was fixed in commit [3724cd7]

https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac
567ae1f5

and was included in PECL-HTTP 3.0.1 that was released the same day:

https://pecl.php.net/package/pecl_http/3.0.1


Cheers
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXc2nFAAoJEII4s+efq3pF1+4P/RBvkJLH9jfISkoAEijVYbJc
YB7moTXaLGbAF1G0Tz8WWWQeKhXiq7Rn6uf4nVrVFT/MDXmX45wFSIOQfURMa8iW
Ikdqq5Ydb5Mh7RJ6F3ri11vhjPqSxcwmav71xg50U7GQzM+paUVUZo+lNCaVn1u6
Llg3YwKKHnvVnrggUTaWBXzL4o8eeMNPWB/gCiJthMI3KvgEqXWRC9V6sT5U1DE/
hIkroHuqRJfbdocMyVRE3B2erXi3ijhjDqVMRqkRkB8jiCXy13BtFuoRqFXT69Ow
pwKIKL7j3Su4kkr6OJq0D8hbU/YmhITnSzVqU5SfCoEVmn4Oab1+GFFiuMZVUd3q
clWb1ano2cQwEazTldp54LwIz2Ov438H1jCuu8XHp8KGZpWjYQAZ0LmZdskA/Qn6
mFx41z1doexG1hsJvgWLeKKR6zzP4yLeCY7vNUiSWBOiQiC6hUHbWfUPvfB7aEhf
TKRAKphgJ8DRSRe9GVGNRKP2YfddwlppvP7a6l0L2q0h9ZPu0X3OqsCvcvMjLBZd
YyH/wMpG0U5Ae8zxrnu73kYadFCmmeuj/8KfF1VLsId07ImRstZfgeUYIJ//N895
NfqqAdJuioLAH9qOngfQIQCiCd742ZQItlgaEEqhsj6oe+HiINs95z1WKi6faVyz
7WU95dh8voVrao+3CH2x
=hOsV
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.