Описание
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php8.2 | not-affected | package | ||
| php7.4 | not-affected | package | ||
| php7.3 | not-affected | package |
Примечания
Fixed in: 8.3.6
https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq
https://github.com/php/php-src/commit/3394efc63e52a017995f92d8da4ef28224247bb3
EPSS
Связанные уязвимости
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
mb_encode_mimeheader runs endlessly for some inputs
EPSS