Main Vulnerability Database Vulnerabilities #VU110537

Input validation error in PHP - CVE-2002-2215

Published: September 5, 2008 / Updated: June 8, 2025

Vulnerability identifier: #VU110537

CSH Severity: Medium

CVSS v4.0:

CVE-ID: CVE-2002-2215

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: PHP Group

Affected software:
PHP

Detailed vulnerability description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.

How to mitigate CVE-2002-2215

Install update from vendor's website.

Sources

http://bugs.php.net/bug.php?id=19280
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040

Input validation error in PHP - CVE-2002-2215

Detailed vulnerability description

How to mitigate CVE-2002-2215

Sources

Please verify you're human