You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
php vulnerability
About this tag
The php vulnerability tag on WindowsForum.com covers security flaws in the PHP programming language, including denial-of-service bugs and hostname parsing issues. Recent discussions include CVE-2024-2757, which causes an endless loop in PHP's mb_encode_mimeheader function affecting PHP 8.3, and CVE-2025-1220, a null byte termination flaw in hostname parsing that impacts Azure Linux. These threads provide technical details, affected versions, and patching guidance for administrators and developers managing PHP environments on Windows or Azure.
PHP’s mb_encode_mimeheader() can be weaponized to deny service: the bug tracked as CVE‑2024‑2757 causes the function to enter an endless loop when fed specially crafted header text, allowing an attacker to tie up PHP worker processes and render mail‑handling components or web endpoints...
Microsoft’s brief MSRC wording that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate for the Azure Linux product family — but it is a product‑scoped attestation, not an exclusive guarantee that no other Microsoft product could contain the same...