Infinite loop in mb_encode_mimeheader for some inputs

Publication Date2024-04-12
TypeDenial of Service
Affected PHP Versions
  • 8.3.0 - 8.3.5
Fixed Product Versions
  • ZendPHP 8.3

CVE Details

Specially crafted input to mb_encode_mimeheader() can lead to an infinite loop. Considering that this function is integral to numerous email processing routines, users of PHP 8.3.0 who do any email processing should upgrade immediately.


If you are not on an affected PHP version, or if you are not using mb_encode_mimeheader, either directly or indirectly (e.g, through a library), no change is required. Otherwise, we recommend updating to 8.3.6 or later immediately.