CVE-2011-0420

PHP 5.3.5 - Denial of Service via Invalid Size Argument in grapheme_extract

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0420. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This exploit triggers a NULL-pointer dereference in PHP's grapheme_extract function, causing a denial-of-service (DoS) condition. The PoC is a single function call with invalid parameters, demonstrating the vulnerability.

Description

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Maksymilian Arciemowicz · textdosphp
https://www.exploit-db.com/exploits/35354

This exploit triggers a NULL-pointer dereference in PHP's grapheme_extract function, causing a denial-of-service (DoS) condition. The PoC is a single function call with invalid parameters, demonstrating the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: PHP 5.3.5 (and possibly other versions)
No auth needed
Prerequisites: PHP with grapheme support enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Maksymilian Arciemowicz · textdoslinux
https://www.exploit-db.com/exploits/16182

This exploit demonstrates a NULL pointer dereference vulnerability in PHP 5.3.5's grapheme_extract() function when called with a negative size parameter, leading to a crash. The PoC shows how manipulating the input string length can control the RIP register during the crash.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: PHP 5.3.5
No auth needed
Prerequisites: PHP 5.3.5 with Intl extension enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516504/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2266
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/210829
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46429
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8087
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16182
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65437
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516518/100/0/threaded
Exploit third-party-advisory x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/94
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5002

Scores

EPSS 0.1441
EPSS Percentile 96.2%

Details

Status published
Products (1)
php/php 5.3.5
Published Feb 19, 2011
Tracked Since Feb 18, 2026