VYPR
Critical severity9.8NVD Advisory· Published May 12, 2017· Updated Jun 17, 2026

CVE-2017-8923

CVE-2017-8923

Description

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

30

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.