CVE-2011-3336
HIGHPHP 5.3.0-5.3.9 - Denial of Service via Stack Exhaustion in regcomp
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-3336. PoCs published by Maksymilian Arciemowicz.
AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in multiple vendors' libc libraries by causing stack exhaustion. It also includes a PHP memory_limit bypass proof-of-concept using a deeply nested regular expression.
Description
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Maksymilian Arciemowicz · phpdosmultiple
https://www.exploit-db.com/exploits/36288
This exploit demonstrates a denial-of-service (DoS) vulnerability in multiple vendors' libc libraries by causing stack exhaustion. It also includes a PHP memory_limit bypass proof-of-concept using a deeply nested regular expression.
Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target:
libc (NetBSD 5.1, OpenBSD 5.0, FreeBSD 8.2, Apple Mac OSX), PHP 5.3/5.4
No auth needed
Prerequisites:
PHP environment with memory_limit set
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Mar/166
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50541
Exploit, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
https://www.securityfocus.com/archive/1/520390
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2011110082
Scores
CVSS v3
7.5
EPSS
0.0654
EPSS Percentile
92.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (4)
apple/mac_os_x
10.6.0 - 10.7.2
freebsd/freebsd
8.2
openbsd/openbsd
5.0
php/php
5.3.0 - 5.3.10
Published
Feb 12, 2020
Tracked Since
Feb 18, 2026