CVE-2010-4645

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.2.14
phpphp
5.2.15
phpphp
5.2.16
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
phpphp
5.3.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
maverick
Fixed 5.3.3-1ubuntu9.2
released
lucid
Fixed 5.3.2-1ubuntu4.6
released
karmic
Fixed 5.2.10.dfsg.1-2ubuntu6.6
released
hardy
Fixed 5.2.4-2ubuntu5.13
released
dapper
Fixed 5.1.2-1ubuntu3.20
released
Common Weakness Enumeration
References
http://bugs.php.net/53632
http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html
http://marc.info/?l=bugtraq&m=133226187115472&w=2
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://secunia.com/advisories/42812
http://secunia.com/advisories/42843
http://secunia.com/advisories/43051
http://secunia.com/advisories/43189
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095
http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/
http://www.openwall.com/lists/oss-security/2011/01/05/2
http://www.openwall.com/lists/oss-security/2011/01/05/8
http://www.openwall.com/lists/oss-security/2011/01/06/5
http://www.openwall.com/lists/oss-security/2023/05/14/3
http://www.redhat.com/support/errata/RHSA-2011-0195.html
http://www.redhat.com/support/errata/RHSA-2011-0196.html
http://www.securityfocus.com/bid/45668
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2011/0060
http://www.vupen.com/english/advisories/2011/0066
http://www.vupen.com/english/advisories/2011/0077
http://www.vupen.com/english/advisories/2011/0198
https://exchange.xforce.ibmcloud.com/vulnerabilities/64470
http://bugs.php.net/53632
http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html
http://marc.info/?l=bugtraq&m=133226187115472&w=2
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://secunia.com/advisories/42812
http://secunia.com/advisories/42843
http://secunia.com/advisories/43051
http://secunia.com/advisories/43189
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095
http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/
http://www.openwall.com/lists/oss-security/2011/01/05/2
http://www.openwall.com/lists/oss-security/2011/01/05/8
http://www.openwall.com/lists/oss-security/2011/01/06/5
http://www.openwall.com/lists/oss-security/2023/05/14/3
http://www.redhat.com/support/errata/RHSA-2011-0195.html
http://www.redhat.com/support/errata/RHSA-2011-0196.html
http://www.securityfocus.com/bid/45668
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2011/0060
http://www.vupen.com/english/advisories/2011/0066
http://www.vupen.com/english/advisories/2011/0077
http://www.vupen.com/english/advisories/2011/0198
https://exchange.xforce.ibmcloud.com/vulnerabilities/64470