Description

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

Remediation

References

CVE-2007-4784

Related Vulnerabilities

Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2242)

Mibew Messenger Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0829)

PostgreSQL Other Vulnerability (CVE-2012-1618)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0307)

Severity

Medium

Classification

CVE-2007-4784 CWE-20

Tags

Missing Update Known Vulnerabilities