The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Dec 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2017-05-12T20:00:00
Updated: 2024-12-27T16:02:56.664Z
Reserved: 2017-05-12T00:00:00
Link: CVE-2017-8923

No data.

Status : Modified
Published: 2017-05-12T20:29:00.500
Modified: 2024-12-27T16:15:22.243
Link: CVE-2017-8923
