Описание
mb_encode_mimeheader runs endlessly for some inputs
Summary
Certain inputs provided to mb_encode_mimeheader trigger an endless loop.
Details
A discernible pattern has not yet been identified, but a specific string consistently reproduces the issue.
PoC
In PHP 8.3.3, execute:
The mb_encode_mimeheader function seems to enter an infinite loop and fails to return.
Impact
Given that this function is integral to numerous email processing routines, including those handling potentially untrusted user inputs, this vulnerability could be exploited for denial-of-service attacks. For instance, CakePHP 5 relies on this function to encode email subjects. https://github.com/cakephp/cakephp/blob/5.x/src/Mailer/Message.php#L815
Пакеты
< 8.3.5
8.3.6
Связанные уязвимости
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
In PHP 8.3.* before 8.3.5, functionmb_encode_mimeheader() runs endless ...