Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-2757

Published: 29/04/2024 Updated: 01/05/2024

Vulnerability Summary

In PHP 8.3.* prior to 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. 

Vulnerability Trend

Mailing Lists

Full Disclosure: PHP security releases 8.1.28, 8.2.18, & 8.3.6
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> PHP security releases 8128, 8218, &amp; 836 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Alan Coopersmit ...

References

https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fqhttp://www.openwall.com/lists/oss-security/2024/04/12/11https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q2/113
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook