PHP’s fnmatch() function can be used to crash PHP through a stack exhaustion attack.
Affected is PHP 5.2 <= 5.2.13
Affected is PHP 5.3 <= 5.3.2
The vulnerability was discovered by Mateusz Kocielski with his Minerva PHP Fuzzer.
This is a stack exhaustion vulnerability that crashes PHP in different ways depending on how libc implements fnmatch() on your platform, e.g. through too deep a recursion. It is not believed to be exploitable for code execution.
Proof of concept, exploit or instructions to reproduce
The following proof of concept code tries to trigger the vulnerability, which is supposed to crash PHP. If you cannot reproduce it then you might need to adjust your stack ulimit. The code might not crash if your libc does not implement fnmatch() in a recursive way.
<?php
// fnmatch(pattern, string): a 16,000,000-byte pattern matched against an empty string
$a57 = str_repeat("A", 16000000);
$a265 = fnmatch($a57, "");
Because this is very likely only a local stack exhaustion attack, fixing it is considered low priority.
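For code that has to keep running on an affected release, the following added example (not part of the original advisory or of PHP itself) checks a version string against the affected ranges listed above and bounds input length before fnmatch() is called. The names fnmatch_version_affected, guarded_fnmatch and FNMATCH_MAX_LEN, and the 4096-byte limit, are assumptions made for this example.

```php
<?php
// Added example, not from the advisory. No scalar type hints, so it
// also parses on the PHP 5.2/5.3 releases the advisory lists.

// Hypothetical limit for this example; set it to the longest glob
// pattern your application legitimately needs.
define('FNMATCH_MAX_LEN', 4096);

// True if $version is in a range the advisory lists as affected:
// 5.2.x up to 5.2.13, or 5.3.x up to 5.3.2. Only the leading
// major.minor.patch is compared; distribution backports are not detected.
function fnmatch_version_affected($version)
{
    if (!preg_match('/^(\d+\.\d+\.\d+)/', $version, $m)) {
        return false; // unparseable version string: not classified
    }
    $v = $m[1];
    if (version_compare($v, '5.2.0', '>=') && version_compare($v, '5.2.13', '<=')) {
        return true;
    }
    return version_compare($v, '5.3.0', '>=') && version_compare($v, '5.3.2', '<=');
}

// Refuses oversized input before it reaches libc's fnmatch().
// Both arguments are bounded; the advisory's PoC oversizes the pattern.
// Rejected input returns false, the same value as a failed match.
function guarded_fnmatch($pattern, $string, $flags = 0)
{
    if (!is_string($pattern) || !is_string($string)) {
        return false;
    }
    if (strlen($pattern) > FNMATCH_MAX_LEN || strlen($string) > FNMATCH_MAX_LEN) {
        trigger_error('guarded_fnmatch: input exceeds length limit', E_USER_WARNING);
        return false;
    }
    return fnmatch($pattern, $string, $flags);
}

// Constructed sample versions and inputs.
foreach (array('5.2.13', '5.2.14', '5.3.2', '5.3.3', PHP_VERSION) as $v) {
    printf("%-12s %s\n", $v, fnmatch_version_affected($v) ? 'affected' : 'not listed');
}
var_dump(guarded_fnmatch('*.txt', 'notes.txt'));
var_dump(guarded_fnmatch(str_repeat('A', FNMATCH_MAX_LEN + 1), ''));
```

The wrapper only helps where the pattern or subject can come from untrusted input; the warning it raises gives a log line to alert on when oversized input is attempted.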