CVE-2010-4645
CVE-2010-4645
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/35164unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.php.net/53632http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdfhttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.htmlhttp://marc.info/?l=bugtraq&m=133226187115472&w=2http://marc.info/?l=bugtraq&m=133469208622507&w=2http://secunia.com/advisories/42812http://secunia.com/advisories/42843http://secunia.com/advisories/43051http://secunia.com/advisories/43189https://exchange.xforce.ibmcloud.com/vulnerabilities/64470