CVE-2011-1938

PHP <5.3.7 - Buffer Overflow

Description

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Jonathan Salwan · php · local · multiple
https://www.exploit-db.com/exploits/17486

exploitdb WORKING POC VERIFIED
by Marek Kroemeke · php · local · multiple
https://www.exploit-db.com/exploits/17318

Scores

EPSS 0.3399
EPSS Percentile 97.0%

Details

CWE CWE-119
Status published
Products (4)
php/php 5.3.3
php/php 5.3.4
php/php 5.3.5
php/php 5.3.6
Published May 31, 2011
Tracked Since Feb 18, 2026