Description
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
Remediation
References
Related Vulnerabilities
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.2)
PHP NULL Pointer Dereference Vulnerability (CVE-2021-21702)
WordPress Cross-Site Scripting Vulnerability (3.9.3 - 4.2)
Oracle JRE CVE-2013-3829 Vulnerability (CVE-2013-3829)
Django Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0472)