CVE-2003-0166

PHP - Denial of Service and Possible Remote Code Execution via Negative Arguments to socket_recv and socket_recvfrom

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2003-0166. PoCs published by Sir Mordred.

AI-analyzed exploit summary This exploit demonstrates an integer overflow vulnerability in PHP's socket_recvfrom() function, which can lead to memory corruption and potentially a denial of service or arbitrary code execution. The PoC triggers the vulnerability by passing a negative value as the buffer length.

Description

Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Sir Mordred · phpdosphp
https://www.exploit-db.com/exploits/22426

This exploit demonstrates an integer overflow vulnerability in PHP's socket_recvfrom() function, which can lead to memory corruption and potentially a denial of service or arbitrary code execution. The PoC triggers the vulnerability by passing a negative value as the buffer length.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: PHP versions 4.3.1 and earlier
No auth needed
Prerequisites: PHP compiled with --enable-sockets
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Sir Mordred · phpdosphp
https://www.exploit-db.com/exploits/22425

This exploit demonstrates an integer overflow vulnerability in PHP's socket_recv() function, which can lead to memory corruption and potentially arbitrary code execution. The PoC triggers the issue by passing a negative length value (-3) to the function.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: PHP versions 4.3.1 and earlier
No auth needed
Prerequisites: PHP compiled with --enable-sockets
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Sir Mordred · phpdosphp
https://www.exploit-db.com/exploits/22419

This exploit targets an integer overflow vulnerability in PHP's socket_iovec_alloc() function, which can lead to memory corruption and potentially arbitrary code execution. The PoC triggers the issue by passing a large integer value (0x20000000) to the function.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: PHP versions 4.3.1 and earlier (with --enable-sockets)
No auth needed
Prerequisites: PHP compiled with --enable-sockets
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104931415307111&w=2
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104878100719467&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7198
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104869828526885&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7197

Scores

EPSS 0.1412
EPSS Percentile 96.1%

Details

Status published
Products (17)
php/php 4.0
php/php 4.0.1
php/php 4.0.2
php/php 4.0.3
php/php 4.0.4
php/php 4.0.5
php/php 4.0.6
php/php 4.0.7
php/php 4.1.0
php/php 4.1.1
... and 7 more
Published Apr 02, 2003
Tracked Since Feb 18, 2026