7.5
CVE-2024-2757
- EPSS 1.92%
- Veröffentlicht 29.04.2024 04:15:08
- Zuletzt bearbeitet 04.11.2025 18:16:18
- Quelle security@php.net
- CVE-Watchlists
- Unerledigt
PHP mb_encode_mimeheader runs endlessly for some inputs
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.92% | 0.773 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@php.net | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
http://www.openwall.com/lists/oss-security/2024/04/12/11
https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq
https://security.netapp.com/advisory/ntap-20240510-0011/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/