Description
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.
Remediation
References