CVE Vulnerabilities

CVE-2010-4645

Published: Jan 11, 2011 | Modified: Aug 17, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V2: 5 MODERATE (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V3
Ubuntu

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.

Affected Software

Name | Vendor | Start Version | End Version
Php | Php | 5.2.0 | 5.2.0
Php | Php | 5.2.1 | 5.2.1
Php | Php | 5.2.2 | 5.2.2
Php | Php | 5.2.3 | 5.2.3
Php | Php | 5.2.4 | 5.2.4
Php | Php | 5.2.5 | 5.2.5
Php | Php | 5.2.6 | 5.2.6
Php | Php | 5.2.7 | 5.2.7
Php | Php | 5.2.8 | 5.2.8
Php | Php | 5.2.9 | 5.2.9
Php | Php | 5.2.10 | 5.2.10
Php | Php | 5.2.11 | 5.2.11
Php | Php | 5.2.12 | 5.2.12
Php | Php | 5.2.13 | 5.2.13
Php | Php | 5.2.14 | 5.2.14
Php | Php | 5.2.15 | 5.2.15
Php | Php | 5.2.16 | 5.2.16
Red Hat Enterprise Linux 5 | RedHat | php53-0:5.3.3-1.el5_6.1 | *
Red Hat Enterprise Linux 6 | RedHat | php-0:5.3.2-6.el6_0.1 | *
Php5 | Ubuntu | dapper | *
Php5 | Ubuntu | devel | *
Php5 | Ubuntu | hardy | *
Php5 | Ubuntu | karmic | *
Php5 | Ubuntu | lucid | *
Php5 | Ubuntu | maverick | *
Php5 | Ubuntu | upstream | *

References