Denial Of Service (DoS)

php is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization of changes to string objects in the zendstringextend function in Zend/zendstring.h...

PHP 7.0.x < 7.0.19 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.19. It is, therefore, affected by the following vulnerabilities : - A memory allocation issue exists in the zendstringextend function in file Zend/zendstring.h when concatenating strings due to a...

Design/Logic Flaw

The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...

CVE-2017-8923

The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...

CVE-2017-8923

CVE-2017-8923 affects PHP up to 7.1.5. The vulnerability is in Zend/zend_string.h:zend_string_extend, which does not prevent changes to string objects resulting in a negative length when using a script’s .= with a long string. This can allow a remote attacker to trigger a denial of service (appli...

CVE-2017-8923

The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...