oss-sec mailing list archives

CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8
From: Vincent Danen <vdanen () redhat com>
Date: Sat, 24 Sep 2011 07:56:34 -0600

Could a CVE be assigned for this flaw?  PHP 5.3.7 changed how the is_a()
function worked, and as a result it could allow for remote arbitrary
code execution if certain specific conditions are met (the blog post
referenced below has a good writeup of the flaw).


It looks like this is the fix:



Vincent Danen / Red Hat Security Response Team
