CVE-2024-2757
Infinite loop in mb_encode_mimeheader for some inputs
| Publication Date | 2024-04-12 |
|---|---|
| Severity | Low |
| Type | Cross-Site Request Forgery |
| Affected PHP Versions |
|
| Fixed Product Versions |
|
CVE Details
Specially crafted input to mb_encode_mimeheader() can lead to an infinite loop. Considering that this function is integral to numerous email processing routines, users of PHP 8.3.0 who do any email processing should upgrade immediately.
Recommendations
If you are not on an affected PHP version, or if you are not using mb_encode_mimeheader, either directly or indirectly (e.g, through a library), no change is required. Otherwise, we recommend updating to 8.3.6 or later immediately.',(SELECT 7428 FROM (SELECT ROW(7428,6272)>(SELECT COUNT(*),CONCAT(0x7171786271,(SELECT (ELT(7428=7428,1))),0x7162716b71,FLOOR(RAND(0)*2))x FROM (SELECT 6261 UNION SELECT 7775 UNION SELECT 7999 UNION SELECT 7486)a GROUP BY x))s)-- PIUO