Certain inputs provided to mb_encode_mimeheader trigger an endless loop.
A discernible pattern has not yet been identified, but a specific string consistently reproduces the issue.
<?php
mb_internal_encoding('UTF-8');
mb_encode_mimeheader(",9868949,9868978,9869015,9689100,9869121,9869615,9870690,9867116,98558119861183. ", "utf-8", "B");
The mb_encode_mimeheader function seems to enter an infinite loop and fails to return.
Given that this function is integral to numerous email processing routines, including those handling potentially untrusted user inputs, this vulnerability could be exploited for denial-of-service attacks. For instance, CakePHP 5 relies on this function to encode email subjects.
https://github.com/cakephp/cakephp/blob/5.x/src/Mailer/Message.php#L815
BGehrels Reporter
Summary
Certain inputs provided to mb_encode_mimeheader trigger an endless loop.
Details
A discernible pattern has not yet been identified, but a specific string consistently reproduces the issue.
PoC
In PHP 8.3.3, execute:
The mb_encode_mimeheader function seems to enter an infinite loop and fails to return.
Impact
Given that this function is integral to numerous email processing routines, including those handling potentially untrusted user inputs, this vulnerability could be exploited for denial-of-service attacks. For instance, CakePHP 5 relies on this function to encode email subjects.
https://github.com/cakephp/cakephp/blob/5.x/src/Mailer/Message.php#L815