Description
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.
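A defender's triage check for the version ranges in the description, as an added example that is not part of the original advisory: it extracts a PHP version from a banner or `php -v` style string and flags the ranges stated above. The function names and the sample inventory are constructed for illustration, and "7.x before 7.0.21" is read as the 7.0 branch.

```python
import re

# First fixed patch level per branch, taken from the advisory text:
# 7.0.x before 7.0.21 and 7.1.x before 7.1.7 are affected.
FIXED_PATCH = {(7, 0): 21, (7, 1): 7}

# First dotted triple that is not the tail of a longer number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text):
    """Return (major, minor, patch) from e.g. 'PHP/7.0.20' or '7.1.6-1+deb', else None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_affected(text):
    """True/False according to the advisory's ranges; None when no version is present."""
    version = parse_php_version(text)
    if version is None:
        return None
    major, minor, patch = version
    fixed = FIXED_PATCH.get((major, minor))
    # Branches other than 7.0 and 7.1 are outside what this advisory states.
    return fixed is not None and patch < fixed


def audit(banners):
    """Return the sorted host names whose reported version falls in an affected range."""
    return sorted(host for host, banner in banners.items() if is_affected(banner))


# Constructed sample inventory (hypothetical hosts and banners, not real data).
SAMPLE_BANNERS = {
    "web-01": "X-Powered-By: PHP/7.0.20",
    "web-02": "PHP 7.1.6-1+ubuntu16.04.1 (cli)",
    "web-03": "PHP 7.1.7 (cli) (built: Jul  7 2017)",
    "web-04": "X-Powered-By: PHP/5.6.30",
    "lb-01": "Server: nginx",
}

if __name__ == "__main__":
    # A True result means "check further": distribution packages can carry a
    # backported fix without changing the upstream version number.
    for host in audit(SAMPLE_BANNERS):
        print(f"{host}: version in affected range, verify vendor changelog or upgrade")
```

A host that hides its version (such as `lb-01` above) returns `None` and needs a package-level check instead.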
Remediation
References