CVE-2010-4645

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	5.2.0 (including)	5.2.0 (including)
Php	Php	5.2.1 (including)	5.2.1 (including)
Php	Php	5.2.2 (including)	5.2.2 (including)
Php	Php	5.2.3 (including)	5.2.3 (including)
Php	Php	5.2.4 (including)	5.2.4 (including)
Php	Php	5.2.5 (including)	5.2.5 (including)
Php	Php	5.2.6 (including)	5.2.6 (including)
Php	Php	5.2.7 (including)	5.2.7 (including)
Php	Php	5.2.8 (including)	5.2.8 (including)
Php	Php	5.2.9 (including)	5.2.9 (including)
Php	Php	5.2.10 (including)	5.2.10 (including)
Php	Php	5.2.11 (including)	5.2.11 (including)
Php	Php	5.2.12 (including)	5.2.12 (including)
Php	Php	5.2.13 (including)	5.2.13 (including)
Php	Php	5.2.14 (including)	5.2.14 (including)
Php	Php	5.2.15 (including)	5.2.15 (including)
Php	Php	5.2.16 (including)	5.2.16 (including)
Php5	Ubuntu	dapper	*
Php5	Ubuntu	devel	*
Php5	Ubuntu	hardy	*
Php5	Ubuntu	karmic	*
Php5	Ubuntu	lucid	*
Php5	Ubuntu	maverick	*
Php5	Ubuntu	upstream	*
Red Hat Enterprise Linux 5	RedHat	php53-0:5.3.3-1.el5_6.1	*
Red Hat Enterprise Linux 6	RedHat	php-0:5.3.2-6.el6_0.1	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-4645
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References