CVE-2010-4645
Published: Jan 11, 2011
Modified: Feb 13, 2025
PUBLISHED
Description
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| ADV-2011-0077 | vdb-entry | x_refsource_VUPEN |
| 45668 | vdb-entry | x_refsource_BID |
| HPSBMU02752 | vendor-advisory | x_refsource_HP |
| 42812 | third-party-advisory | x_refsource_SECUNIA |
| HPSBOV02763 | vendor-advisory | x_refsource_HP |
| RHSA-2011:0196 | vendor-advisory | x_refsource_REDHAT |
| FEDORA-2011-0321 | vendor-advisory | x_refsource_FEDORA |
| [oss-security] 20110105 Re: possible flaw in widely used strtod.c implementation | mailing-list | x_refsource_MLIST |
| RHSA-2011:0195 | vendor-advisory | x_refsource_REDHAT |
| http://bugs.php.net/53632 | | x_refsource_CONFIRM |
| ADV-2011-0198 | vdb-entry | x_refsource_VUPEN |
| SSA:2011-010-01 | vendor-advisory | x_refsource_SLACKWARE |
| ADV-2011-0066 | vdb-entry | x_refsource_VUPEN |
| USN-1042-1 | vendor-advisory | x_refsource_UBUNTU |
| APPLE-SA-2011-10-12-3 | vendor-advisory | x_refsource_APPLE |
| FEDORA-2011-0329 | vendor-advisory | x_refsource_FEDORA |
| 42843 | third-party-advisory | x_refsource_SECUNIA |
| ADV-2011-0060 | vdb-entry | x_refsource_VUPEN |
| http://support.apple.com/kb/HT5002 | | x_refsource_CONFIRM |
| php-zendstrtod-dos(64470) | vdb-entry | x_refsource_XF |
| 43189 | third-party-advisory | x_refsource_SECUNIA |
| 43051 | third-party-advisory | x_refsource_SECUNIA |
| [oss-security] 20110105 possible flaw in widely used strtod.c implementation | mailing-list | x_refsource_MLIST |
| [oss-security] 20110106 Re: possible flaw in widely used strtod.c implementation | mailing-list | x_refsource_MLIST |