PT-2024-3030 · Php+2

Benjamin Gehrels +1 · Published 2024-04-11 · Updated 2025-08-11 · CVE-2024-2757

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

PHP versions 8.3.0 through 8.3.4

Description

The issue is in the PHP function mb_encode_mimeheader(), which can run endlessly for certain inputs containing long strings of non-space characters followed by a space. This can lead to a denial of service (DoS) if a hostile user sends data to an application that uses this function.

Recommendations

For PHP versions 8.3.0 through 8.3.4, update to version 8.3.5 or later to resolve the issue. As a temporary workaround, consider disabling the use of the mb_encode_mimeheader() function in applications until the patched version is installed.
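
One way to apply the temporary workaround, as an added example that is not code from this advisory or from the PHP project: a wrapper that keeps mb_encode_mimeheader() out of the call path on 8.3.0 through 8.3.4 and uses a plain base64 RFC 2047 encoder instead. The names runtime_is_affected, fallback_encode_header and safe_encode_mimeheader are hypothetical, input is assumed to be UTF-8, and the fallback's output is not byte-identical to the mbstring function's.

```php
<?php
declare(strict_types=1);

// Affected range from the advisory: PHP 8.3.0 through 8.3.4 (fixed in 8.3.5).
const AFFECTED_MIN_ID = 80300;
const AFFECTED_MAX_ID = 80304;

function runtime_is_affected(int $versionId = PHP_VERSION_ID): bool
{
    return $versionId >= AFFECTED_MIN_ID && $versionId <= AFFECTED_MAX_ID;
}

// Hypothetical substitute encoder: RFC 2047 "B" encoded-words built with
// base64_encode() only, so mbstring's encoder is never entered.
function fallback_encode_header(string $value): string
{
    if (preg_match('/^[\x20-\x7E]*$/D', $value) === 1) {
        return $value; // printable ASCII (or empty) needs no encoding
    }
    $chars = preg_split('//u', $value, -1, PREG_SPLIT_NO_EMPTY);
    if ($chars === false) {
        throw new InvalidArgumentException('header value is not valid UTF-8');
    }
    // 75-char encoded-word limit minus 12 chars of "=?UTF-8?B?" and "?="
    // leaves 60 base64 chars (a multiple of 4), i.e. 45 raw bytes per word.
    $words = [];
    $chunk = '';
    foreach ($chars as $char) {
        if (strlen($chunk) + strlen($char) > 45) {
            $words[] = '=?UTF-8?B?' . base64_encode($chunk) . '?=';
            $chunk = '';
        }
        $chunk .= $char; // whole characters only, never split mid-sequence
    }
    $words[] = '=?UTF-8?B?' . base64_encode($chunk) . '?=';
    return implode("\r\n ", $words); // folded continuation lines
}

// Hypothetical wrapper: application code calls this, never the mbstring function.
function safe_encode_mimeheader(string $value): string
{
    return runtime_is_affected()
        ? fallback_encode_header($value)
        : mb_encode_mimeheader($value, 'UTF-8', 'B');
}

// Constructed sample input shaped like the advisory's description.
echo safe_encode_mimeheader(str_repeat('ä', 40) . ' tail'), PHP_EOL;
```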

Fix

DoS

Resource Exhaustion

Infinite Loop

Weakness Enumeration

Related Identifiers

ALT-PU-2024-6442
AZL-40055
BDU:2024-03214
BIT-LIBPHP-2024-2757
BIT-PHP-2024-2757
BIT-PHP-MIN-2024-2757
CVE-2024-2757
GHSA-FJP9-9HWX-59FQ
OPENSUSE-SU-2024:13867-1

Affected Products

Alt Linux
Php
Red Os