ext/curl/interface.c in PHP 7.x before 7.0.10 does not...
Critical severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Sep 12, 2016
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Jan 27, 2023
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
References