CVE-2010-4409

PHP < 5.3.3 - Denial of Service via NumberFormatter::getSymbol Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4409. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary The exploit demonstrates an integer overflow vulnerability in PHP 5.3.3's NumberFormatter::getSymbol function, leading to a segmentation fault due to improper handling of large integer values. The PoC triggers a crash by passing an excessively large integer (e.g., 2147483648) to the function, causing a buffer overflow in the ICU library's UnicodeString::extract method.

Description

Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.

Exploits (1)

exploitdb WORKING POC
by Maksymilian Arciemowicz · textdosmultiple
https://www.exploit-db.com/exploits/15722

The exploit demonstrates an integer overflow vulnerability in PHP 5.3.3's NumberFormatter::getSymbol function, leading to a segmentation fault due to improper handling of large integer values. The PoC triggers a crash by passing an excessively large integer (e.g., 2147483648) to the function, causing a buffer overflow in the ICU library's UnicodeString::extract method.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: PHP 5.3.3
No auth needed
Prerequisites: PHP 5.3.3 with Intl extension enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1042-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0077
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47674
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42812
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:255
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0021
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515142/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:254
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15722
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0020
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45119
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4581
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/479900

Scores

EPSS 0.1888
EPSS Percentile 96.9%

Details

CWE
CWE-189
Status published
Products (45)
php/php 1.0
php/php 2.0
php/php 2.0b10
php/php 3.0
php/php 3.0.1
php/php 3.0.2
php/php 3.0.3
php/php 3.0.4
php/php 3.0.5
php/php 3.0.6
... and 35 more
Published Dec 06, 2010
Tracked Since Feb 18, 2026