Description
** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only."
Remediation
References
Related Vulnerabilities
WordPress Plugin Custom Permalinks SQL Injection (1.1)
WordPress Plugin Easy Comment Uploads 'upload.php' Arbitrary File Upload (0.61)
Atlassian Jira CVE-2019-8448 Vulnerability (CVE-2019-8448)
Vulnerable package dependencies [low]
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-44790)