Description
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
Remediation
References