lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Mar 2003 00:57:41 +0100 (MET) From: Dullien@....de To: Sir Mordred <mordred@...ail.com> Subject: Re: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator Hey Mr. Mordred, all, > In PHP emalloc() function implements the error safe wrapper around > malloc(). > Unfortunately this function suffers from an integer overflow and > considering the fact that emalloc() is used in many places around PHP > source code, it may lead to many serious security issues. IIRC this bug was mentioned in a talk at last summers Black Hat conference. http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Dowd Cheers, dullien@....de -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
Powered by blists - more mailing lists