KLA10931
Denial of service vulnerability in PHP
Updated: 06/01/2019
Detect date
?
01/04/2017
Severity
?
Critical
Description

An unspecified vulnerability was found in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14. By exploiting this vulnerability malicious users can cause a denial of service. Other unspecified impacts are also possible. This vulnerability can be exploited remotely via a locale_get_display_name call with a long first argument.


Technical details

This vulnerability occurs in the get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c.

Affected products

PHP before 5.3.29
PHP 5.4.x before 5.4.30
PHP 5.5.x before 5.5.14

Solution

Update to the latest version
Download PHP

Original advisories

PHP Bugs

Impacts
?
DoS 
[?]
Related products
PHP
CVE-IDS
?
CVE-2014-99127.5Critical