Bugs: DoS Vulnerability (CVE-2010-2423)

Anonymous
2010-07-19
2012-09-18

  • Anonymous
    2010-07-19

    In the function 'WrapText', when the value of $length becomes zero, the
    following loop becomes an infinite loop.

    while (strlen($word) > 0) {
        $len = $length;
        if ($is_utf8) {
            $len = $this->UTF8CharBoundary($word, $len);
        } elseif (substr($word, $len - 1, 1) == "=") {
            $len--;
        } elseif (substr($word, $len - 2, 1) == "=") {
            $len -= 2;
        }
        $part = substr($word, 0, $len);
        $word = substr($word, $len);
        if (strlen($word) > 0) {
            $message .= $part . sprintf("=%s", $this->LE);
        } else {
            $buf = $part;
        }
    }

    Moreover, $length can be zero when $this->charset is greater than 68 in the
    function 'EncodeHeader'.

    Since $this->charset can be defined by users, not programmers, this
    vulnerability can be a DoS threat.
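
Added example, not part of the original report and not PHPMailer code: the non-UTF-8 branch of the loop quoted above, run under an iteration cap so the stall can be observed, next to a guarded form that rejects unsafe lengths before looping. The function names, the cap, the "\r\n" line ending and the sample word are assumptions made for this illustration; the UTF8CharBoundary branch is not covered.

```php
<?php
// Added illustration, not PHPMailer source; names, cap and "\r\n" are assumed.

// The reported loop (non-UTF-8 branch), with a cap so a stall can be observed.
function wrap_word_reported(string $word, int $length, int $cap = 1000): array
{
    $message = '';
    $buf = '';
    for ($i = 0; strlen($word) > 0; $i++) {
        if ($i >= $cap) {
            return ['terminated' => false, 'iterations' => $i, 'out' => $message];
        }
        $len = $length;
        if (substr($word, $len - 1, 1) == "=") {
            $len--;
        } elseif (substr($word, $len - 2, 1) == "=") {
            $len -= 2;
        }
        $part = substr($word, 0, $len);  // empty when $len is 0
        $word = substr($word, $len);     // unchanged when $len is 0
        if (strlen($word) > 0) {
            $message .= $part . "=\r\n"; // grows on every stalled pass
        } else {
            $buf = $part;
        }
    }
    return ['terminated' => true, 'iterations' => $i, 'out' => $message . $buf];
}

// Guarded form: this branch may subtract up to 2 from $length, so anything
// below 3 can yield a zero-length step; reject it before looping.
function wrap_word_guarded(string $word, int $length): array
{
    if ($length < 3) {
        throw new InvalidArgumentException("wrap length $length is too small");
    }
    return wrap_word_reported($word, $length);
}

$sample = "abc=41def"; // constructed quoted-printable word
foreach ([76, 3, 2, 0] as $length) {
    $r = wrap_word_reported($sample, $length);
    printf("length=%d terminated=%s iterations=%d\n", $length, $r['terminated'] ? 'yes' : 'no', $r['iterations']);
}
try {
    wrap_word_guarded($sample, 0);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

A length of 2 also stalls on this sample, because the "=" adjustment can bring $len down to zero even when $length itself is positive; each stalled pass still appends to $message, so without the cap memory grows along with CPU time.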