Denial Of Service (DoS)

2020-08-0621:40:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

php7 is vulnerable to denial of service. When HTTP file uploads are allowed, overly long filenames or field names could cause the engine to allocate oversized memory storage and stop further processes when the memory limit is hit. This results in the accumulation of uncleaned temporary files exhausting the disk space on the target server.

CPENameOperatorVersion
php7:3.11eq7.3.17-r0
php7:3.11eq7.3.15-r0
php7eq7.2.27-r0
rh-php73-phpeq7.3.11__1.el7
php7:edgeeq7.3.17-r2
php7:edgeeq7.3.16-r2
php7:edgeeq7.3.16-r1
php7:edgeeq7.3.15-r2
php7:edgeeq7.3.16-r0
php7:edgeeq7.3.17-r1

Name	Operator	Version
php7:3.11	eq	7.3.17-r0
php7:3.11	eq	7.3.15-r0
php7	eq	7.2.27-r0
rh-php73-php	eq	7.3.11__1.el7
php7:edge	eq	7.3.17-r2
php7:edge	eq	7.3.16-r2
php7:edge	eq	7.3.16-r1
php7:edge	eq	7.3.15-r2
php7:edge	eq	7.3.16-r0
php7:edge	eq	7.3.17-r1