oss-sec mailing list archives
Re: CVE request: format-string vulnerability in PHP Phar extension
From: Felipe Pena <felipensp () gmail com>
Date: Mon, 14 Mar 2011 10:59:04 -0300
2011/3/14 Felipe Pena <felipensp () gmail com>
Hi, I just found several format-string vulnerability in PHP Phar extension, a bug has been filed in the PHP bugtracker (private): http://bugs.php.net/bug.php?id=54247 On error several class methods passes the supplied argument to zend_throw_exception_ex() which prints a formatted error message using such value as the formatter string. $ sapi/cli/php ../bug.php "%08x.%08x.%08x.%08x.%08x" PHP Fatal error: Uncaught exception 'PharException' with message 'unable to open phar for reading "00000008.00000000.bf95c204.0963e050.00000014"' in /home/felipe/dev/bug.php:4
A fix has been committed for this issue: http://svn.php.net/viewvc?view=revision&revision=309221 -- Regards, Felipe Pena
Current thread:
- CVE request: format-string vulnerability in PHP Phar extension Felipe Pena (Mar 14)
- Re: CVE request: format-string vulnerability in PHP Phar extension Felipe Pena (Mar 14)
- Re: CVE request: format-string vulnerability in PHP Phar extension Josh Bressers (Mar 14)