CVE - CVE-2010-4645

CVE-ID
CVE-2010-4645	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:42812 URL:http://secunia.com/advisories/42812 MISC:42843 URL:http://secunia.com/advisories/42843 MISC:43051 URL:http://secunia.com/advisories/43051 MISC:43189 URL:http://secunia.com/advisories/43189 MISC:45668 URL:http://www.securityfocus.com/bid/45668 MISC:ADV-2011-0060 URL:~~http://www.vupen.com/english/advisories/2011/0060~~ (Obsolete source) MISC:ADV-2011-0066 URL:~~http://www.vupen.com/english/advisories/2011/0066~~ (Obsolete source) MISC:ADV-2011-0077 URL:~~http://www.vupen.com/english/advisories/2011/0077~~ (Obsolete source) MISC:ADV-2011-0198 URL:~~http://www.vupen.com/english/advisories/2011/0198~~ (Obsolete source) MISC:APPLE-SA-2011-10-12-3 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html MISC:FEDORA-2011-0321 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html MISC:FEDORA-2011-0329 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html MISC:HPSBMU02752 URL:http://marc.info/?l=bugtraq&m=133226187115472&w=2 MISC:HPSBOV02763 URL:http://marc.info/?l=bugtraq&m=133469208622507&w=2 MISC:RHSA-2011:0195 URL:http://www.redhat.com/support/errata/RHSA-2011-0195.html MISC:RHSA-2011:0196 URL:http://www.redhat.com/support/errata/RHSA-2011-0196.html MISC:SSA:2011-010-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686 MISC:SSRT100802 URL:http://marc.info/?l=bugtraq&m=133226187115472&w=2 MISC:SSRT100826 URL:http://marc.info/?l=bugtraq&m=133469208622507&w=2 MISC:USN-1042-1 URL:http://www.ubuntu.com/usn/USN-1042-1 MISC:[oss-security] 20110105 Re: possible flaw in widely used strtod.c implementation URL:http://www.openwall.com/lists/oss-security/2011/01/05/8 MISC:[oss-security] 20110105 possible flaw in widely used strtod.c implementation URL:http://www.openwall.com/lists/oss-security/2011/01/05/2 MISC:[oss-security] 20110106 Re: possible flaw in widely used strtod.c implementation URL:http://www.openwall.com/lists/oss-security/2011/01/06/5 MISC:http://bugs.php.net/53632 URL:http://bugs.php.net/53632 MISC:http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf URL:http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf MISC:http://support.apple.com/kb/HT5002 URL:http://support.apple.com/kb/HT5002 MISC:http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095 URL:http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095 MISC:http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/ URL:http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/ MISC:php-zendstrtod-dos(64470) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64470 MLIST:[oss-security] 20230514 Re: Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator? URL:http://www.openwall.com/lists/oss-security/2023/05/14/3
Assigning CNA
Red Hat, Inc.
Date Record Created
20110103	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110103)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)