PHP is vulnerable to denial of service(DoS) attacks. This is because the ext/intl/msgformat/msgformat_parse.c
does not restrict the locale length which allows remote attacker to cause stack-based buffer overflow and application crash or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message
function.
CPE | Name | Operator | Version |
---|---|---|---|
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 |