Description

The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Remediation

References

CVE-2007-4783

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2001-1453)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27946)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4396)

WordPress Plugin PDF Embedder Security Bypass (4.4)

WordPress Plugin Easy Google Analytics for WordPress Cross-Site Request Forgery (1.6.0)

Severity

Medium

Classification

CVE-2007-4783 CWE-20

Tags

Missing Update Known Vulnerabilities