CVE-2003-0166

Php - Denial of Service

Title source: rule

Description

Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Sir Mordred · phpdosphp

https://www.exploit-db.com/exploits/22426

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Sir Mordred · phpdosphp

https://www.exploit-db.com/exploits/22425

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Sir Mordred · phpdosphp

https://www.exploit-db.com/exploits/22419

View Code ZIP pw:eip

References (6)

[Mailing List] http://marc.info/?l=bugtraq&m=104931415307111&w=2

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691

[Mailing List] http://marc.info/?l=bugtraq&m=104878100719467&w=2

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/7198

[Mailing List] http://marc.info/?l=bugtraq&m=104869828526885&w=2

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/7197

Scores

EPSS 0.2661

EPSS Percentile 96.4%

Details

Status published

Products (17)

php/php 4.0

php/php 4.0.1

php/php 4.0.2

php/php 4.0.3

php/php 4.0.4

php/php 4.0.5

php/php 4.0.6

php/php 4.0.7

php/php 4.1.0

php/php 4.1.1

... and 7 more

Published Apr 02, 2003

Tracked Since Feb 18, 2026