Description
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.