PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial of Service

EDB-ID:

35354




Platform:

PHP

Date:

2011-02-17


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/46429/info

PHP is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

An attacker can exploit this issue to cause an appliation written in PHP to crash, denying service to legitimate users.

PHP 5.3.5 is vulnerable; other versions may also be affected. 

The following proof-of-concept is available:

grapheme_extract('a',-1);