Summary: | dev-php/pecl-radius: Security flaw in radius_get_vendor_attr() (CVE-2013-2220) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2013/06/28/2 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-06-28 17:44:33 UTC
CVE-2013-2220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2220): Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.

The ebuild exists in the tree and old versions are removed. Security team can continue from here.

Security: this is ready for your attention.

No GLSA for testing branch.