CVE Vulnerabilities

CVE-2024-2757

Published: Apr 29, 2024 | Modified: Jun 18, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io minimus.io echohq.com

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.

Affected Software

Name Vendor Start Version End Version
Php Php 8.3.0 (including) 8.3.5 (excluding)
Php8.3 Ubuntu devel *
Php8.3 Ubuntu noble *
Php8.3 Ubuntu upstream *

References