Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize()

[Tyler Hicks <tyhicks () canonical com>]

On 2015-03-30 23:42:01, Tomas Hoger wrote:
> On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:
>
> > I'd like to request a CVE for the PHP Sec Bug #69085.
> >
> > Description:
> > SoapClient's __call() method is prone to a type confusion
> > vulnerability which can be used to gain remote code execution through
> > unsafe unserialize() calls.
> >
> > Info:
> > https://bugs.php.net/bug.php?id=69085
>
> There is another unserialize issue fixed in 5.6.7, 5.5.23 and 5.4.39
> and currently listed on PHP 5 Changelog page:
>
> http://php.net/ChangeLog-5.php
>
> Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-0231)
> https://bugs.php.net/68976

I believe that the ChangeLog-5.php page contains a typo since NVD claims
that CVE-2015-2787 corresponds to PHP bug #68976:

 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2787

Tyler

> While this lists CVE, it's CVE that was assigned to an issue fixed in
> 5.6.5, 5.5.21 and 5.4.37:
>
> Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
> https://bugs.php.net/68710
>
> New id seems to be required for the new issue.
>
> -- 
> Tomas Hoger / Red Hat Product Security

Attachment: signature.asc
Description: Digital signature