CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
43.6%
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial
of service (application crash) via a long string in (1) the domain
parameter to the dgettext function, the message parameter to the (2)
dcgettext or (3) gettext function, the msgid1 parameter to the (4)
dngettext or (5) ngettext function, or (6) the classname parameter to the
stream_wrapper_register function. NOTE: this might not be a vulnerability
in most web server environments that support multiple threads, unless this
issue can be demonstrated for code execution.
Author | Note |
---|---|
jdstrand | arguments to functions in question should be under control of the script author, so not security-sensitive also shouldn’t affect multi-threaded environments |