PT-2007-6955 · Php · Php

Published: 2007-11-20 · Updated: 2018-10-15 · CVE-2007-6039

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 5.2.5 and earlier

Description

The issue allows context-dependent attackers to cause a denial of service (application crash) by passing a long string in specific function parameters: the domain parameter to the dgettext function, the message parameter to the dcgettext or gettext function, the msgid1 parameter to the dngettext or ngettext function, or the classname parameter to the stream_wrapper_register function. This might not be considered a vulnerability in most web server environments that support multiple threads, unless it can be demonstrated to allow code execution.

Recommendations

For PHP versions 5.2.5 and earlier, consider updating to a newer version to mitigate the risk of a denial of service. As a temporary workaround, consider restricting the input length for the affected function parameters (domain, message, msgid1, and classname) to prevent application crashes. Additionally, restrict access to the stream_wrapper_register function to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-6039

Affected Products

Php