CVE-2011-1467
PHP < 5.3.6 - Denial of Service via NumberFormatter::setSymbol Invalid Argument
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-1467. PoCs published by thoger.
AI-analyzed exploit summary This exploit triggers a denial-of-service vulnerability in PHP's Intl extension by passing an invalid symbol value (2147483648) to numfmt_set_symbol, causing the application to crash. The PoC is minimal but functional for demonstrating the DoS condition.
Description
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
Exploits (1)
This exploit triggers a denial-of-service vulnerability in PHP's Intl extension by passing an invalid symbol value (2147483648) to numfmt_set_symbol, causing the application to crash. The PoC is minimal but functional for demonstrating the DoS condition.