Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
2015-06-09T18:59:06.770
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | redhat | enterprise_linux | 6.0 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | Yes |
| Operating System | apple | mac_os_x | ≤ 10.10.4 | Yes |
| Application | php | php | ≤ 5.4.40 | Yes |
| Application | php | php | 5.4.39 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.0 | Yes |
| Application | php | php | 5.5.1 | Yes |
| Application | php | php | 5.5.2 | Yes |
| Application | php | php | 5.5.3 | Yes |
| Application | php | php | 5.5.4 | Yes |
| Application | php | php | 5.5.5 | Yes |
| Application | php | php | 5.5.6 | Yes |
| Application | php | php | 5.5.7 | Yes |
| Application | php | php | 5.5.8 | Yes |
| Application | php | php | 5.5.9 | Yes |
| Application | php | php | 5.5.10 | Yes |
| Application | php | php | 5.5.11 | Yes |
| Application | php | php | 5.5.12 | Yes |
| Application | php | php | 5.5.13 | Yes |
| Application | php | php | 5.5.14 | Yes |
| Application | php | php | 5.5.18 | Yes |
| Application | php | php | 5.5.19 | Yes |
| Application | php | php | 5.5.20 | Yes |
| Application | php | php | 5.5.21 | Yes |
| Application | php | php | 5.5.22 | Yes |
| Application | php | php | 5.5.23 | Yes |
| Application | php | php | 5.5.24 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.0 | Yes |
| Application | php | php | 5.6.2 | Yes |
| Application | php | php | 5.6.3 | Yes |
| Application | php | php | 5.6.4 | Yes |
| Application | php | php | 5.6.5 | Yes |
| Application | php | php | 5.6.6 | Yes |
| Application | php | php | 5.6.7 | Yes |
| Application | php | php | 5.6.8 | Yes |
| Application | hp | system_management_homepage | ≤ 7.5.3.1 | Yes |
| Operating System | oracle | linux | 6 | Yes |
| Operating System | oracle | linux | 7 | Yes |
| Operating System | oracle | solaris | 11.2 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_hpc_node | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_hpc_node_eus | 7.1 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 7.1 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |