#VU45475 Input validation error in PHP - CVE-2010-4645


Updated: 2020-08-11

Vulnerability identifier: #VU45475

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2010-4645

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
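The following added example (not part of the original advisory or of PHP) scans front-end proxy log lines for query parameters that carry the demonstrated value. It compares exact decimal values rather than strings, so the same number written with a different mantissa or exponent also matches. The log lines, the `/calc.php` path and the parameter names are constructed, and ignoring the sign is a conservative assumption.

```python
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qsl

# Value the advisory gives as the demonstrated trigger.
TRIGGER = Decimal("2.2250738585072011e-308")
# A decimal numeric string: optional sign, digits, optional fraction/exponent.
NUMERIC = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")
# Request target inside a combined-log-format request field.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical endpoint).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Jan/2011:10:00:00 +0000] "GET /calc.php?amount=2.2250738585072011e-308 HTTP/1.1" 504 0',
    '203.0.113.5 - - [05/Jan/2011:10:00:09 +0000] "GET /calc.php?amount=0.22250738585072011E-307 HTTP/1.1" 504 0',
    '198.51.100.7 - - [05/Jan/2011:10:01:00 +0000] "GET /calc.php?amount=19.99&qty=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Jan/2011:10:02:00 +0000] "GET /calc.php?amount=2.2250738585072012e-308 HTTP/1.1" 200 512',
]

def is_trigger(value):
    """True if value is a number whose magnitude equals TRIGGER exactly."""
    text = value.strip()
    if not NUMERIC.fullmatch(text):
        return False
    try:
        # String construction, copy_abs() and == are exact (no context rounding).
        return Decimal(text).copy_abs() == TRIGGER
    except InvalidOperation:  # exponent outside what Decimal can hold
        return False

def scan_log(lines):
    """Return (line_number, parameter_name) for each matching query value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query  # parse_qsl percent-decodes values
        for name, value in parse_qsl(query, keep_blank_values=True):
            if is_trigger(value):
                hits.append((number, name))
    return hits

if __name__ == "__main__":
    for number, name in scan_log(SAMPLE_LOG):
        print(f"line {number}: parameter {name!r} carries the trigger value")
```

Only query strings are inspected here; request bodies, headers and cookies would need the same `is_trigger` check applied wherever the application parses numbers from input.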

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

PHP: 5.2.0 - 5.2.16, 5.3.0 - 5.3.4


External links
https://bugs.php.net/53632
https://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html
https://marc.info/?l=bugtraq&m=133226187115472&w=2
https://marc.info/?l=bugtraq&m=133469208622507&w=2
https://secunia.com/advisories/42812
https://secunia.com/advisories/42843
https://secunia.com/advisories/43051
https://secunia.com/advisories/43189
https://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686
https://support.apple.com/kb/HT5002
https://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095
https://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/
https://www.openwall.com/lists/oss-security/2011/01/05/2
https://www.openwall.com/lists/oss-security/2011/01/05/8
https://www.openwall.com/lists/oss-security/2011/01/06/5
https://www.redhat.com/support/errata/RHSA-2011-0195.html
https://www.redhat.com/support/errata/RHSA-2011-0196.html
https://www.securityfocus.com/bid/45668
https://www.ubuntu.com/usn/USN-1042-1
https://www.vupen.com/english/advisories/2011/0060
https://www.vupen.com/english/advisories/2011/0066
https://www.vupen.com/english/advisories/2011/0077
https://www.vupen.com/english/advisories/2011/0198
https://exchange.xforce.ibmcloud.com/vulnerabilities/64470


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

