CVE-2012-2688

Priority
Low
Description
Unspecified vulnerability in the _php_stream_scandir function in the stream
implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown
impact and remote attack vectors, related to an "overflow."
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
http://www.php.net/ChangeLog-5.php
http://www.debian.org/security/2012/dsa-2527
http://www.ubuntu.com/usn/usn-1569-1
Bugs
https://launchpad.net/bugs/1028064
https://bugzilla.redhat.com/show_bug.cgi?id=828051
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683274
Assigned-to
mdeslaur
Package
Source: php5 (LP Ubuntu Debian)
Upstream:released (5.4.5,5.3.15)
Ubuntu 8.04 LTS (Hardy Heron):released (5.2.4-2ubuntu5.26)
Ubuntu 10.04 LTS (Lucid Lynx):released (5.3.2-1ubuntu4.18)
Ubuntu 11.04 (Natty Narwhal):released (5.3.5-1ubuntu7.11)
Ubuntu 11.10 (Oneiric Ocelot):released (5.3.6-13ubuntu3.9)
Ubuntu 12.04 LTS (Precise Pangolin):released (5.3.10-1ubuntu3.4)
Ubuntu 12.10 (Quantal Quetzal):not-affected (5.4.6-1ubuntu1)
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=7d04e0fb2ec8be9b1c4b16a9f0b4958f853597f1 (trunk)
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5 (trunk)
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=7d04e0fb2ec8be9b1c4b16a9f0b4958f853597f1 (5.3)
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5 (5.3)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-09-17 13:15:13 UTC (commit 5768)