Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 667806 - (CVE-2010-4645) CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20101230,repor...
: Security
Depends On: 670439 670461 670463 670464
Blocks:
  Show dependency treegraph
 
Reported: 2011-01-06 15:30 EST by Vincent Danen
Modified: 2015-07-31 02:36 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-02-04 04:05:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0195 normal SHIPPED_LIVE Moderate: php security update 2011-02-03 13:56:12 EST
Red Hat Product Errata RHSA-2011:0196 normal SHIPPED_LIVE Moderate: php53 security update 2011-02-03 14:16:54 EST

  None (edit)
Description Vincent Danen 2011-01-06 15:30:39 EST 
A flaw in how PHP handled the numeric value 2.2250738585072011e-308 was reported [1].  If a script were to assign this value to a variable, it could cause PHP to hang (infinite loop).  This issue has been fixed in upstream PHP [2] 5.2.17 and 5.3.5.

[1] http://bugs.php.net/53632
[2] http://svn.php.net/viewvc?view=revision&revision=307095
Comment 1 Vincent Danen 2011-01-06 15:56:55 EST 
I have not been able to reproduce this on RHEL4 (4.3.9) or RHEL5 (5.1.6) on x86.  I have reproduced it on RHEL6 (5.3.2) and Fedora 14 (5.3.4), both x86.  It does not reproduce on Fedora 14 x86_64, so this is x86-only.
Comment 2 Michał Piotrowski 2011-01-06 16:11:38 EST 
Please add also

r307168 | pajoye | 2011-01-06 18:08:46 +0100 (czw) | 1 linia

- fix vc6 random behavior for Fix bug #53632 with x87 fpu
Comment 3 Vincent Danen 2011-01-06 19:24:29 EST 
Note that upstream has put up a checking script to see if your system is vulnerable:  http://www.php.net/distributions/test_bug53632.txt
Comment 4 Joe Orton 2011-01-07 03:54:21 EST 
Michal, r307168 is MSVC-specific and won't have any effect on Linux.
Comment 16 errata-xmlrpc 2011-02-03 13:56:33 EST 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0195 https://rhn.redhat.com/errata/RHSA-2011-0195.html
Comment 17 errata-xmlrpc 2011-02-03 14:17:11 EST 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0196 https://rhn.redhat.com/errata/RHSA-2011-0196.html
Comment 18 Vincent Danen 2011-02-03 14:28:28 EST 
Statement:

This issue leads to a temporary denial of service (high CPU consumption) when a PHP script handles numeric values from untrusted user input. It does not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4 or 5.  It  did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.