Unrated severityNVD Advisory· Published Apr 29, 2024· Updated Nov 4, 2025
PHP mb_encode_mimeheader runs endlessly for some inputs
CVE-2024-2757
Description
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords4 versionspkg:bitnami/libphppkg:bitnami/phppkg:bitnami/php-minpkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed
>= 8.3.0, < 8.3.5+ 3 more
- (no CPE)range: >= 8.3.0, < 8.3.5
- (no CPE)range: >= 8.3.0, < 8.3.5
- (no CPE)range: >= 8.3.0, < 8.3.5
- (no CPE)range: < 8.3.6-1.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.