The error in the way floating-point and double-precision numbers are handled sends 32-bit systems running Linux, Windows, and FreeBSD into an infinite loop that consumes 100 percent of their CPU's resources. Developers are still investigating, but they say the bug appears to affect versions 5.2 and 5.3 of PHP. They say it could be trivially exploited on many websites to cause them to crash by adding long numbers to certain URLs. <?php $d = 2.2250738585072011e-308; ?> The crash is also triggered when the number is expressed without scientific notation, with 324 decimal places. Read on... http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/ -- Daevid Vincent http://daevid.com There are only 11 types of people in this world. Those that think binary jokes are funny, those that don't, and those that don't know binary. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
