CVE-2017-7963

** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior."

Published : 2017-04-19 15:59 Updated : 2019-10-03 00:03

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Php Php 7.1.4 cpe:/a:php:php:7.1.4
  1. Php (1) Search CVE
    1. Php (1) Search CVE
      1. 7.1.4

CWE

ID Name Description Links
CWE-770 Allocation of Resources Without Limits or Throttling The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy for that actor. CVE

Reference

History of changes

Date Event
2019-10-03 00:03
2017-04-19 15:59

New CVE