header-logo
Suggest Exploit
vendor:
PHP
by:
Unknown
5.5
CVSS
MEDIUM
Denial-of-Service
476
CWE
Product Name: PHP
Affected Version From: PHP 5.3.5
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:php:php:5.3.5
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

NULL-pointer dereference DoS vulnerability in PHP

The vulnerability is caused by a NULL-pointer dereference in PHP. An attacker can exploit this issue by using a proof-of-concept such as the 'grapheme_extract' function with a negative value, causing an application written in PHP to crash and deny service to legitimate users.

Mitigation:

Update to a patched version of PHP. As of now, there is no specific mitigation available for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46429/info

PHP is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

An attacker can exploit this issue to cause an appliation written in PHP to crash, denying service to legitimate users.

PHP 5.3.5 is vulnerable; other versions may also be affected. 

The following proof-of-concept is available:

grapheme_extract('a',-1);