Temporary files are not cleaned after OOM when parsing HTTP request data

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

未加控制的资源消耗(资源穷尽)

PHP 输入验证错误漏洞

PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHPGroup和开放源代码社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。 PHP 7.2.31之前的7.2.x版本、7.3.18之前的7.3.x版本和7.4.6之前的7.4.x版本中存在输入验证错误漏洞，该漏洞源于在通过HTTP协议上传文件时，如果文件名或字段名过长，PHP引擎会分配过大内存，达到内存限制并停止处理请求，但不会清除创建的临时文件。攻击者可利用该漏洞导

N/A

N/A