5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
87.1%
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does
not properly use the breakcharlen variable, which allows remote attackers
to cause a denial of service (divide-by-zero error and application crash,
or infinite loop) via certain arguments, as demonstrated by a ‘chr(0), 0,
“”’ argument set.
Author | Note |
---|---|
kees | http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64&view=patch 200-string-wordwrap.patch |