CVE-2007-3790

PHP 5.2.3 - Denial of Service via Long Argument to com_print_typeinfo

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3790. PoCs published by shinnai.

AI-analyzed exploit summary: This exploit triggers a Denial of Service (DoS) in PHP 5.2.3 by passing a large string to the `com_print_typeinfo()` function when the bz2 extension is loaded. The vulnerability causes a crash due to improper handling of the input buffer.

Description

The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.

Exploits (1)

exploitdb WORKING POC VERIFIED
by shinnai · phpdosmultiple
https://www.exploit-db.com/exploits/4175

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: PHP 5.2.3 with bz2 extension
No auth needed
Prerequisites: bz2 extension loaded in PHP
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/4175
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/36854

Scores

EPSS 0.0302
EPSS Percentile 85.7%

Details

Status published
Products (1)
php/php 5.2.3
Published Jul 15, 2007
Tracked Since Feb 18, 2026