CVE-2012-0781

PHP 5.3.8 - Denial of Service via Tidy::diagnose NULL Pointer Dereference

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0781. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2011-4153, focusing on a NULL pointer dereference vulnerability in PHP 5.3.8's zend_strndup() function. The writeup includes root cause analysis, affected code paths, and proof-of-concept demonstrations for triggering the issue.

Description

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.

Exploits (1)

exploitdb WRITEUP
by Maksymilian Arciemowicz · textdosmultiple
https://www.exploit-db.com/exploits/18370

This is a detailed technical analysis of CVE-2011-4153, focusing on a NULL pointer dereference vulnerability in PHP 5.3.8's zend_strndup() function. The writeup includes root cause analysis, affected code paths, and proof-of-concept demonstrations for triggering the issue.

Classification
Writeup 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: PHP 5.3.8
No auth needed
Prerequisites: Ability to execute PHP code with large input strings
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18370/
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48668
Exploit x_refsource_misc
http://cxsecurity.com/research/103

Scores

EPSS 0.1077
EPSS Percentile 95.3%

Details

CWE
CWE-399
Status published
Products (1)
php/php 5.3.8
Published Jan 18, 2012
Tracked Since Feb 18, 2026