CVE-2011-3182
PHP < 5.3.7 - Denial of Service via Malloc Return Value Mismanagement
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-3182. PoCs published by Maksymilian Arciemowicz.
AI-analyzed exploit summary: This exploit demonstrates a NULL-pointer dereference vulnerability in PHP's strtotime function, leading to a segmentation fault and denial-of-service when processing a large string input. The PoC includes a PHP script and GDB debugging output confirming the crash.
Description
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.