CVE-2010-4645

Severity

50%

Complexity

99%

Confidentiality

48%

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

PHP

First reported 14 years ago

2011-01-11 03:00:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

PHP 5.2.0

5.2.0

PHP 5.2.1

5.2.1

PHP 5.2.2

5.2.2

PHP 5.2.3

5.2.3

PHP 5.2.4

5.2.4

PHP 5.2.5

5.2.5

PHP 5.2.6

5.2.6

PHP 5.2.7

5.2.7

PHP 5.2.8

5.2.8

PHP 5.2.9

5.2.9

PHP 5.2.10

5.2.10

PHP 5.2.11

5.2.11

PHP 5.2.12

5.2.12

PHP 5.2.13

5.2.13

PHP 5.2.14

5.2.14

PHP 5.2.15

5.2.15

PHP 5.2.16

5.2.16

PHP 5.3.0

5.3.0

PHP 5.3.1

5.3.1

PHP 5.3.2

5.3.2

PHP 5.3.3

5.3.3

PHP 5.3.4

5.3.4

References

http://bugs.php.net/53632

Exploit

http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf

APPLE-SA-2011-10-12-3

FEDORA-2011-0329

FEDORA-2011-0321

HPSBMU02752

SSRT100826

42812

42843

43051

43189

SSA:2011-010-01

http://support.apple.com/kb/HT5002

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095

Patch

http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/

[oss-security] 20110105 possible flaw in widely used strtod.c implementation

Exploit, Patch

[oss-security] 20110105 Re: possible flaw in widely used strtod.c implementation

[oss-security] 20110106 Re: possible flaw in widely used strtod.c implementation

RHSA-2011:0195

RHSA-2011:0196

45668

Exploit

USN-1042-1

ADV-2011-0060

Vendor Advisory

ADV-2011-0066

ADV-2011-0077

ADV-2011-0198

php-zendstrtod-dos(64470)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.