Description
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
Exploits (1)
exploitdb
WRITEUP
by Maksymilian Arciemowicz · textdosmultiple
https://www.exploit-db.com/exploits/18370
References (9)
Core 9
Core References
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=134012830914727&w=2
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18370/
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48668
Exploit x_refsource_misc
http://cxsecurity.com/research/103
Scores
EPSS
0.0648
EPSS Percentile
91.1%
Details
CWE
CWE-20
Status
published
Products (1)
php/php
5.3.8
Published
Jan 18, 2012
Tracked Since
Feb 18, 2026