The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://bugs.php.net/bug.php?id=74308 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-04-19T15:00:00Z
Updated: 2024-09-17T00:41:50.863Z
Reserved: 2017-04-19T00:00:00Z
Link: CVE-2017-7963
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-04-19T15:59:00.287
Modified: 2024-11-21T03:33:03.363
Link: CVE-2017-7963
Redhat
No data.