CVE-2024-2757

{"id": "CVE-2024-2757", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@php.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-29T04:15:08.113", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "tags": ["Mailing List"], "source": "security@php.net"}, {"url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq", "tags": ["Exploit", "Vendor Advisory"], "source": "security@php.net"}, {"url": "https://security.netapp.com/advisory/ntap-20240510-0011/", "tags": ["Third Party Advisory"], "source": "security@php.net"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240510-0011/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "In PHP 8.3.* before 8.3.5, function\u00a0mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function."}, {"lang": "es", "value": "En PHP 8.3.* anterior a 8.3.5, la funci\u00f3n mb_encode_mimeheader() se ejecuta sin cesar para algunas entradas que contienen cadenas largas de caracteres que no son espacios seguidos de un espacio. Esto podr\u00eda provocar un posible ataque DoS si un usuario hostil env\u00eda datos a una aplicaci\u00f3n que utiliza esta funci\u00f3n."}], "lastModified": "2025-06-18T21:11:40.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE619987-797E-493B-B089-2E1CADDA9C47", "versionEndExcluding": "8.3.5", "versionStartIncluding": "8.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}