High severity7.5NVD Advisory· Published Apr 19, 2017· Updated Jun 17, 2026
CVE-2017-7963
CVE-2017-7963
Description
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- bugs.php.net/bug.phpnvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.