oss-sec mailing list archives

CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability

From: Péter Veres <moltesalt () gmail com>
Date: Wed, 30 Jun 2010 11:39:05 +0200

Hi Steve,

PHP’s strrchr() function can be interrupted and used for information
leakage due to call time pass by reference.

Could you allocate a CVE id for this issue?

Thanks.

Regards,
Peter Veres (DrMcKay)

Current thread:

CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Péter Veres (Jun 30)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Josh Bressers (Jun 30)
  - Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Pierre Joye (Jun 30)