Description

** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior."

Remediation

References

CVE-2017-7963

Related Vulnerabilities

WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress CSV Injection (1.4.7)

Apache HTTP Server Other Vulnerability (CVE-2003-0460)

Oracle Database Server CVE-2017-10282 Vulnerability (CVE-2017-10282)

WordPress Plugin Pixel Manager for WooCommerce-Track Google Analytics, Google Ads, TikTok and more Supply Chain Attack [Polyfill.io] (1.43.3)

WordPress Plugin Category Grid View Gallery TimThumb Arbitrary File Upload (0.1.1)

Severity

High

Classification

CVE-2017-7963 CWE-770 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities