Lucene search

PRIOn knowledge basePRION:CVE-2010-4645

HistoryJan 11, 2011 - 3:00 a.m.

Design/Logic Flaw

2011-01-1103:00:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.

CPENameOperatorVersion
phpeq5.2.9
phpeq5.2.14
phpeq5.2.16
phpeq5.2.7
phpeq5.2.2
phpeq5.2.5
phpeq5.2.12
phpeq5.2.11
phpeq5.2.6
phpeq5.2.3

Name	Operator	Version
php	eq	5.2.9
php	eq	5.2.14
php	eq	5.2.16
php	eq	5.2.7
php	eq	5.2.2
php	eq	5.2.5
php	eq	5.2.12
php	eq	5.2.11
php	eq	5.2.6
php	eq	5.2.3

Rows per page:

1-10 of 221

References

bugs.php.net/53632

hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

secunia.com/advisories/42812

secunia.com/advisories/42843

secunia.com/advisories/43051

secunia.com/advisories/43189

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686

support.apple.com/kb/HT5002

svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095

www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/

www.openwall.com/lists/oss-security/2011/01/05/2

www.openwall.com/lists/oss-security/2011/01/05/8

www.openwall.com/lists/oss-security/2011/01/06/5

www.openwall.com/lists/oss-security/2023/05/14/3

www.redhat.com/support/errata/RHSA-2011-0195.html

www.redhat.com/support/errata/RHSA-2011-0196.html

www.securityfocus.com/bid/45668

www.ubuntu.com/usn/USN-1042-1

www.vupen.com/english/advisories/2011/0060

www.vupen.com/english/advisories/2011/0066

www.vupen.com/english/advisories/2011/0077

www.vupen.com/english/advisories/2011/0198

exchange.xforce.ibmcloud.com/vulnerabilities/64470

lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html

marc.info/?l=bugtraq&m=133226187115472&w=2

marc.info/?l=bugtraq&m=133469208622507&w=2

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

Related for PRION:CVE-2010-4645