Description
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
Remediation
References