Description

The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Remediation

References

CVE-2007-4783

Related Vulnerabilities

Django DEPRECATED: Code Vulnerability (CVE-2015-0222)

WordPress Plugin post highlights 'ph_settings.php' SQL Injection (2.2)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2015-8103)

WordPress Plugin MasterStudy LMS-for Online Courses and Education SQL Injection (3.2.5)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-6752)

Severity

Medium

Classification

CVE-2007-4783 CWE-20

Tags

Missing Update Known Vulnerabilities