PT-2017-18030 · Php+1

Whitehat002 · Published 2017-04-19 · Updated 2024-08-05 · CVE-2017-7963

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PHP versions through 7.1.4

Description

The issue allows attackers to cause a denial of service via operations on long strings, resulting in memory consumption and application crash. The vendor disputes this, stating that GMP safely aborts in case of an OOM condition, and the only attack vector is denial of service. However, if attacker-controlled, unbounded allocations are allowed, there is a DoS vector regardless of GMP's OOM behavior.

Recommendations

For PHP versions through 7.1.4, consider restricting the length of input strings to prevent unbounded allocations and minimize the risk of denial of service attacks. As a temporary workaround, monitor application memory consumption and implement measures to prevent excessive memory usage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
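
One way to apply the input-length restriction recommended above, as an added example that is not code from this advisory or from PHP itself. The limits MAX_DIGITS and MAX_RESULT_BITS and the helpers bounded_gmp_init, gmp_bits and bounded_gmp_pow are assumptions chosen for illustration; the example goes slightly beyond input length by also bounding the size of a computed power, since a short operand can still request a very large allocation.

```php
<?php
declare(strict_types=1);

// Assumed policy limits, not values from the advisory.
const MAX_DIGITS = 4096;          // longest decimal operand accepted
const MAX_RESULT_BITS = 1 << 20;  // largest computed result allowed (128 KiB)

// Parse an untrusted decimal string, rejecting oversized input before GMP sees it.
function bounded_gmp_init(string $input, int $maxDigits = MAX_DIGITS): GMP
{
    // Cheap byte-length check first; +1 leaves room for a leading minus sign.
    if (strlen($input) > $maxDigits + 1) {
        throw new LengthException('numeric input too long');
    }
    if (preg_match('/\A-?[0-9]+\z/', $input) !== 1) {
        throw new InvalidArgumentException('not a decimal integer');
    }
    if (strlen(ltrim($input, '-')) > $maxDigits) {
        throw new LengthException('numeric input too long');
    }
    return gmp_init($input, 10);
}

// Bit length of |n|; only called on values that already passed a bound.
function gmp_bits(GMP $n): int
{
    return gmp_sign($n) === 0 ? 0 : strlen(gmp_strval(gmp_abs($n), 2));
}

// base^exp needs at most bits(base) * exp bits, so refuse before allocating.
function bounded_gmp_pow(GMP $base, int $exp, int $maxBits = MAX_RESULT_BITS): GMP
{
    if ($exp < 0) {
        throw new InvalidArgumentException('negative exponent');
    }
    if ($exp > 0 && gmp_bits($base) > intdiv($maxBits, $exp)) {
        throw new RangeException('result would exceed size limit');
    }
    return gmp_pow($base, $exp);
}

// Constructed sample inputs: one normal, one oversized operand, one oversized result.
$ok = bounded_gmp_init('123456789012345678901234567890');
echo gmp_strval(bounded_gmp_pow($ok, 3)), PHP_EOL;
foreach ([fn() => bounded_gmp_init(str_repeat('9', 1000000)),
          fn() => bounded_gmp_pow($ok, 1000000)] as $attempt) {
    try { $attempt(); } catch (LengthException | RangeException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The demo at the bottom uses arrow functions and so needs PHP 7.4 or later with the GMP extension loaded; the three helper functions themselves run on PHP 7.0 and later.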

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1610
CVE-2017-7963

Affected Products

Alt Linux
Php