ALAS-2012-037 --- phpID: oval:org.secpod.oval:def:1601294 | Date: (C)2020-11-27 (M)2022-11-29 |
Class: PATCH | Family: unix |
It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000. An integer overflow flaw was found in the PHP exif extension. On 32-bit systems, a specially-crafted image file could cause the PHP interpreter to crash or disclose portions of its memory when a PHP script tries to extract Exchangeable image file format metadata from the image file
Platform: |
Amazon Linux AMI |