Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150819094945.GD6584@suse.de>
Date: Wed, 19 Aug 2015 11:49:45 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: more php unserializing issues

Hi,

I am not sure these have CVE ids yet:

https://bugs.php.net/bug.php?id=70068
Dangling pointer in the unserialization of ArrayObject items
	impact: remote code execution


https://bugs.php.net/bug.php?id=70166
https://bugs.php.net/bug.php?id=70155 (dup)
Use After Free Vulnerability in unserialize() with SPLArrayObject

https://bugs.php.net/bug.php?id=70168
Use After Free Vulnerability in unserialize() with SplObjectStorage

https://bugs.php.net/bug.php?id=70169
Use After Free Vulnerability in unserialize() with SplDoublyLinkedList


These look like they can be exploited for code execution.


https://bugs.php.net/bug.php?id=70019
Files extracted from archive may be placed outside of destination directory

(indirect reference also  https://msisac.cisecurity.org/advisories/2015/2015-091.cfm
 and the php release notes
 http://php.net/ChangeLog-5.php#5.4.44
 http://php.net/ChangeLog-5.php#5.5.28
 http://php.net/ChangeLog-5.php#5.6.12
)

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.