[security] PHP has DoS vuln with large decimal points


The error in the way floating-point and double-precision numbers are
handled sends 32-bit systems running Linux, Windows, and FreeBSD into an
infinite loop that consumes 100 percent of their CPU's resources.
Developers are still investigating, but they say the bug appears to affect
versions 5.2 and 5.3 of PHP. They say it could be trivially exploited on
many websites to cause them to crash by adding long numbers to certain
URLs.

<?php $d = 2.2250738585072011e-308; ?>

The crash is also triggered when the number is expressed without scientific
notation, with 324 decimal places.

Read on...

http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/

--
Daevid Vincent
http://daevid.com

There are only 11 types of people in this world. Those that think binary
jokes are funny, those that don't, and those that don't know binary.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
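
Added example, not part of the original post or of PHP: a string-level check that flags the quoted value in URL query parameters, whether it is written in scientific notation or with 324 decimal places. The function names and sample URLs are constructed, and the matching rule (same leading 17 significant digits at decimal exponent -308) is a conservative assumption.

```python
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qsl

# Significant digits and decimal exponent of the value quoted in the post.
TRIGGER_DIGITS = "22250738585072011"
TRIGGER_EXPONENT = -308

# Decimal literal with optional exponent, found anywhere in a parameter value.
NUMERIC = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")


def is_trigger_literal(text):
    """True if text spells the quoted value, in any decimal notation."""
    try:
        value = Decimal(text)  # exact decimal parse, no binary float conversion
    except InvalidOperation:
        return False
    if not value.is_finite():
        return False
    digits = "".join(str(d) for d in value.as_tuple().digits)
    # adjusted() is the exponent of the first significant digit.
    return (value.adjusted() == TRIGGER_EXPONENT
            and digits.startswith(TRIGGER_DIGITS))


def scan_url(url):
    """Return names of query parameters whose values contain the literal."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(is_trigger_literal(m.group()) for m in NUMERIC.finditer(value)):
            hits.append(name)
    return hits


# Constructed sample requests (not taken from any real log).
PLAIN_FORM = "0." + "0" * 307 + TRIGGER_DIGITS  # 324 decimal places
SAMPLE_URLS = [
    "/cart.php?qty=2.2250738585072011e-308",
    "/cart.php?qty=" + PLAIN_FORM,
    "/cart.php?qty=22.250738585072011E-309&id=7",
    "/cart.php?qty=2%2E2250738585072011e-308",           # percent-encoded dot
    "/cart.php?qty=2.2250738585072011e-30&price=19.99",  # benign exponent
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url[:60], "->", scan_url(url) or "clean")
```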


