Lucene search

K

[email protected]NVD:CVE-2010-4645

HistoryJan 11, 2011 - 3:00 a.m.

CVE-2010-4645

2011-01-1103:00:04

CWE-189

[email protected]

web.nvd.nist.gov

7

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

9.1

Confidence

High

EPSS

0.021

Percentile

89.2%

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.

Affected configurations

Nvd

Node

phpphpMatch5.2.0

OR

phpphpMatch5.2.1

OR

phpphpMatch5.2.2

OR

phpphpMatch5.2.3

OR

phpphpMatch5.2.4

OR

phpphpMatch5.2.5

OR

phpphpMatch5.2.6

OR

phpphpMatch5.2.7

OR

phpphpMatch5.2.8

OR

phpphpMatch5.2.9

OR

phpphpMatch5.2.10

OR

phpphpMatch5.2.11

OR

phpphpMatch5.2.12

OR

phpphpMatch5.2.13

OR

phpphpMatch5.2.14

OR

phpphpMatch5.2.15

OR

phpphpMatch5.2.16

Node

phpphpMatch5.3.0

OR

phpphpMatch5.3.1

OR

phpphpMatch5.3.2

OR

phpphpMatch5.3.3

OR

phpphpMatch5.3.4

References

bugs.php.net/53632

hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html

marc.info/?l=bugtraq&m=133226187115472&w=2

marc.info/?l=bugtraq&m=133469208622507&w=2

secunia.com/advisories/42812

secunia.com/advisories/42843

secunia.com/advisories/43051

secunia.com/advisories/43189

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686

support.apple.com/kb/HT5002

svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095

www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/

www.openwall.com/lists/oss-security/2011/01/05/2

www.openwall.com/lists/oss-security/2011/01/05/8

www.openwall.com/lists/oss-security/2011/01/06/5

www.openwall.com/lists/oss-security/2023/05/14/3

www.redhat.com/support/errata/RHSA-2011-0195.html

www.redhat.com/support/errata/RHSA-2011-0196.html

www.securityfocus.com/bid/45668

www.ubuntu.com/usn/USN-1042-1

www.vupen.com/english/advisories/2011/0060

www.vupen.com/english/advisories/2011/0066

www.vupen.com/english/advisories/2011/0077

www.vupen.com/english/advisories/2011/0198

exchange.xforce.ibmcloud.com/vulnerabilities/64470

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

9.1

Confidence

High

EPSS

0.021

Percentile

89.2%

Related for NVD:CVE-2010-4645

fedora8 openvas38 nessus22 slackware1 cve1 freebsd1 f54 cvelist1 checkpoint_security1 ubuntucve1 prion1 oraclelinux2 redhat2 centos1 ubuntu1 securityvulns4 gentoo1