Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-2757

Published: 29/04/2024 Updated: 01/05/2024

Vulnerability Summary

In PHP 8.3.* prior to 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. 

Vulnerability Trend

Mailing Lists

Full Disclosure: PHP security releases 8.1.28, 8.2.18, & 8.3.6
news-webphpnet/phpannounce/424 (dated April 11) states: news-webphpnet/phpannounce/423 (dated April 11) states: news-webphpnet/phpannounce/425 (dated April 12) states: wwwphpnet/ChangeLog-8php gives these descriptions of the CVE fixes: Note that CVE-2024-2757 is only fixed in 836, while the othe ...

References

https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fqhttp://www.openwall.com/lists/oss-security/2024/04/12/11https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q2/113
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976CVE-2024-33557CVE-2024-36801CVE-2024-35654authentication bypassCVE-2024-24919CSRFcode executionCVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook