Unrated severity · NVD Advisory · Published Apr 2, 2003 · Updated Jun 16, 2026

CVE-2003-0172

Description

Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

Vulnerability mechanics

Root cause

"A buffer overflow vulnerability exists in the openlog function when handling long filename arguments."

Attack vector

Remote attackers can trigger this vulnerability by providing a long filename argument to the openlog function. This can lead to a crash of the application and potentially allow for arbitrary code execution. The exploit targets PHP 4.3.1 on Windows and possibly other operating systems [ref_id=1].

Affected code

The vulnerability lies within the `openlog` function in PHP versions prior to 4.3.7. The provided exploit code directly calls this function with a crafted string containing shellcode and padding, demonstrating the overflow [ref_id=1].

What the fix does

The advisory does not specify a patch or provide details on how the vulnerability was fixed. However, the original report indicates the bug was present in PHP 4.3.1 and still present in versions up to 4.3.7, with no mention of a fix in the changelog for these versions [ref_id=1].

Preconditions

  • input: A long filename argument passed to the openlog function.
  • network: The vulnerable PHP application must be accessible over the network.
  • config: The vulnerable PHP version (4.3.1 or potentially later) must be installed on a Windows operating system, or possibly other OSes.

Reproduction

The provided exploit code demonstrates a Proof of Concept by calling the `openlog` function with a specially crafted string that includes shellcode and padding. This can be triggered via a web request to a vulnerable PHP page [ref_id=1].

Generated on Jun 6, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7
