Bug 402079

Summary: dev-lang/php-5.3.10 - fixes overflow again that 5.3.9 tried to fix (CVE-2012-0830)
Product: Gentoo Security Reporter: Nico Baggus <mlspamcb>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: major CC: php-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Nico Baggus 2012-02-03 16:36:32 UTC
(update assigned CVE-2012-0830). The funny thing is that this vulnerability was introduced in the fix for the hash collision DOS (CVE-2011-4885) reported in December. 

http://www.php.net/archive/2012.php#id2012-02-02-1

PoC:
https://gist.github.com/1725489

Reference:
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/

Reproducible: Always
Comment 1 Agostino Sarubbo gentoo-dev 2012-02-03 16:44:59 UTC

*** This bug has been marked as a duplicate of bug 401997 ***