FS#44236 - [php] CVE-2015-2331 ZIP Integer Overflow leads to writing past heap boundary
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Wednesday, 18 March 2015, 09:05 GMT
Last edited by Pierre Schmitz (Pierre) - Friday, 15 May 2015, 12:54 GMT
Details
Hello,
An integer overflow vulnerability has been found [0] in PHP <= 5.6.6 and assigned CVE-2015-2331, as it is probably exploitable. A fix has been committed [1] and I believe it would be nice to backport it until a new release is available.
Many thanks!
[0]: https://bugs.php.net/bug.php?id=69253
[1]: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
This task depends upon
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2331
greetings from the Arch CVE-Monitoring Team :-)