{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-2757", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "dateReserved": "2024-03-21T05:32:12.866Z", "datePublished": "2024-04-29T03:49:15.519Z", "dateUpdated": "2024-08-01T19:25:41.969Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "8.3.5", "status": "affected", "version": "8.3.*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Benjamin Gehrels"}], "datePublic": "2024-04-11T23:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In PHP 8.3.* before 8.3.5, function&nbsp;mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.&nbsp;<br></p>"}], "value": "In PHP 8.3.* before 8.3.5, function\u00a0mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.\u00a0\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-04-29T03:49:15.519Z"}, "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/12/11"}, {"url": "https://security.netapp.com/advisory/ntap-20240510-0011/"}], "source": {"advisory": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hw", "discovery": "EXTERNAL"}, "title": "PHP mb_encode_mimeheader runs endlessly for some inputs", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2757", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T11:27:03.875027Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"], "vendor": "php_group", "product": "php", "versions": [{"status": "affected", "version": "8.3"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:30:17.042Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:41.969Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240510-0011/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240510-0011/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:41.969Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2757", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T11:27:03.875027Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*"], "vendor": "php_group", "product": "php", "versions": [{"status": "affected", "version": "8.3"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T11:29:09.730Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "PHP mb_encode_mimeheader runs endlessly for some inputs", "source": {"advisory": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hw", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Benjamin Gehrels"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHP Group", "product": "PHP", "versions": [{"status": "affected", "version": "8.3.*", "lessThan": "8.3.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2024-04-11T23:00:00.000Z", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/12/11"}, {"url": "https://security.netapp.com/advisory/ntap-20240510-0011/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In PHP 8.3.* before 8.3.5, function\u00a0mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.\u00a0\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>In PHP 8.3.* before 8.3.5, function&nbsp;mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.&nbsp;<br></p>", "base64": false}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-04-29T03:49:15.519Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2757", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:25:41.969Z", "dateReserved": "2024-03-21T05:32:12.866Z", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "datePublished": "2024-04-29T03:49:15.519Z", "assignerShortName": "php"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP 8.3.* before 8.3.5, function\u00a0mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.\u00a0\n\n"}, {"lang": "es", "value": "En PHP 8.3.* anterior a 8.3.5, la funci\u00f3n mb_encode_mimeheader() se ejecuta sin cesar para algunas entradas que contienen cadenas largas de caracteres que no son espacios seguidos de un espacio. Esto podr\u00eda provocar un posible ataque DoS si un usuario hostil env\u00eda datos a una aplicaci\u00f3n que utiliza esta funci\u00f3n."}], "id": "CVE-2024-2757", "lastModified": "2024-07-03T01:53:32.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@php.net", "type": "Secondary"}]}, "published": "2024-04-29T04:15:08.113", "references": [{"source": "security@php.net", "url": "http://www.openwall.com/lists/oss-security/2024/04/12/11"}, {"source": "security@php.net", "url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq"}, {"source": "security@php.net", "url": "https://security.netapp.com/advisory/ntap-20240510-0011/"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "php: mb_encode_mimeheader runs endlessly for some inputs", "id": "2275068", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275068"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["In PHP 8.3.* before 8.3.5, function\u00a0mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.\u00a0", "An infinite loop vulnerability was found in PHP. Certain inputs provided to mb_encode_mimeheader trigger an endless loop."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-2757", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:7.4/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:8.0/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php:8.1/php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-2757\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2757\nhttps://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq"], "statement": "Red Hat Enterprise Linux remains unaffected by this vulnerability since it does not include the vulnerable codebase or version. This CVE only affects PHP 8.3 that we did not ship.\nThe vulnerability in mb_encode_mimeheader presents a moderate severity issue due to its potential for causing service disruption and resource exhaustion. While the vulnerability primarily manifests as an infinite loop with specific input strings, it requires the function to be invoked with the problematic input. This limits its immediate impact to systems where the function is explicitly called with unfiltered or untrusted inputs. Moreover, its exploitation primarily leads to a Denial-of-Service (DoS) condition rather than arbitrary code execution or data compromise. However, given the function's integral role in email processing and its use in frameworks like CakePHP 5, the risk of disruption to email services and associated processing routines is non-trivial.", "threat_severity": "Moderate", "upstream_fix": "php 8.3.6"}