Description
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
Remediation
References
Related Vulnerabilities
Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-5968)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6514)
Internet Information Services Other Vulnerability (CVE-2000-0951)
WordPress Plugin Easy Registration Forms Cross-Site Request Forgery (2.1.1)
WordPress Plugin 3DPrint Lite Arbitrary File Upload (1.9.1.4)