DISPUTED The _zval_get_long_func_ex in Zend/zend_operators.c in PHP
7.1.2 allows attackers to cause a denial of service (NULL pointer
dereference and application crash) via crafted use of “declare(ticks=” in a
PHP script. NOTE: the vendor disputes the classification of this as a
vulnerability, stating “Please do not request CVEs for ordinary bugs. CVEs
are relevant for security issues only.”
Author | Note |
---|---|
mdeslaur | disputed, not a security issue |