CVE-2011-4153

PHP 5.3.8 - Denial of Service via zend_strndup Return Value Mismanagement

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4153. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2011-4153, focusing on a NULL pointer dereference vulnerability in PHP 5.3.8's zend_strndup() function. The writeup includes root cause analysis, affected code paths, and proof-of-concept demonstrations for triggering the issue.

Description

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

Exploits (1)

exploitdb WRITEUP

by Maksymilian Arciemowicz · textdosmultiple

https://www.exploit-db.com/exploits/18370

View Code ZIP pw:eip

This is a detailed technical analysis of CVE-2011-4153, focusing on a NULL pointer dereference vulnerability in PHP 5.3.8's zend_strndup() function. The writeup includes root cause analysis, affected code paths, and proof-of-concept demonstrations for triggering the issue.

Classification

Writeup 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: PHP 5.3.8

No auth needed

Prerequisites: Ability to execute PHP code with large input strings

MITRE ATT&CK