Description
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.
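The missing check described above, sketched as an added example (not PHP's or ICU's code): a caller-supplied locale is length-checked before it reaches a routine that copies it into a fixed-size stack buffer. `MAX_LOCALE_LEN`, `parse_message_checked` and `downstream_open` are hypothetical names, and the bound of 80 is an assumption made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed bound for this example only; the page does not state PHP's limit. */
#define MAX_LOCALE_LEN 80

enum parse_status { PARSE_OK = 0, PARSE_ERR_LOCALE_TOO_LONG, PARSE_ERR_LOCALE_INVALID };

/* Hypothetical stand-in for a library routine that copies the locale into a
 * fixed-size stack buffer. Precondition: strlen(locale) <= MAX_LOCALE_LEN. */
static size_t downstream_open(const char *locale)
{
    char name[MAX_LOCALE_LEN + 1];
    size_t n = strlen(locale);
    memcpy(name, locale, n + 1);   /* in bounds only because the caller checked */
    return strlen(name);
}

/* Hypothetical entry point: validate the locale at the API boundary, before
 * any code that assumes a bounded length sees it. */
enum parse_status parse_message_checked(const char *locale, size_t locale_len)
{
    char bounded[MAX_LOCALE_LEN + 1];

    if (locale == NULL)
        return PARSE_ERR_LOCALE_INVALID;
    if (locale_len > MAX_LOCALE_LEN)          /* the restriction the bug lacked */
        return PARSE_ERR_LOCALE_TOO_LONG;
    /* An embedded NUL makes the declared length and strlen() disagree. */
    if (memchr(locale, '\0', locale_len) != NULL)
        return PARSE_ERR_LOCALE_INVALID;

    memcpy(bounded, locale, locale_len);      /* pass on a bounded, terminated copy */
    bounded[locale_len] = '\0';
    return downstream_open(bounded) == locale_len ? PARSE_OK : PARSE_ERR_LOCALE_INVALID;
}

int main(void)
{
    char long_locale[201];                    /* constructed oversized input */
    memset(long_locale, 'a', 200);
    long_locale[200] = '\0';
    printf("en_US     -> %d\n", parse_message_checked("en_US", 5));
    printf("200 bytes -> %d\n", parse_message_checked(long_locale, 200));
    return 0;
}
```

Rejecting at the boundary means an oversized locale produces an error return instead of reaching the fixed-size copy.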
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-PostRatings Cross-Site Scripting (1.50)
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)
PHP Improper Input Validation Vulnerability (CVE-2013-4248)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1915)
Kong Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)