CVE-2024-2757

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/04/2024
Last modified:
18/06/2025

Description

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* 8.3.0 (including) 8.3.5 (excluding)