Unrated severityNVD Advisory· Published Jan 11, 2011· Updated Jun 16, 2026
CVE-2010-4645
CVE-2010-4645
Description
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
- (no CPE)range: 5.2 < 5.2.17, 5.3 < 5.3.5
- osv-coords3 versionspkg:rpm/opensuse/php5&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed
< 5.6.28-1.1+ 2 more
- (no CPE)range: < 5.6.28-1.1
- (no CPE)range: < 7.0.14-1.4
- (no CPE)range: < 8.0.11-1.1
Patches
Vulnerability mechanics
References
28- svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.cnvdPatch
- bugs.php.net/53632nvdExploit
- www.openwall.com/lists/oss-security/2011/01/05/2nvdExploitPatch
- www.securityfocus.com/bid/45668nvdExploit
- www.vupen.com/english/advisories/2011/0060nvdVendor Advisory
- hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdfnvd
- lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.htmlnvd
- marc.infonvd
- marc.infonvd
- secunia.com/advisories/42812nvd
- secunia.com/advisories/42843nvd
- secunia.com/advisories/43051nvd
- secunia.com/advisories/43189nvd
- slackware.com/security/viewer.phpnvd
- support.apple.com/kb/HT5002nvd
- www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/nvd
- www.openwall.com/lists/oss-security/2011/01/05/8nvd
- www.openwall.com/lists/oss-security/2011/01/06/5nvd
- www.openwall.com/lists/oss-security/2023/05/14/3nvd
- www.redhat.com/support/errata/RHSA-2011-0195.htmlnvd
- www.redhat.com/support/errata/RHSA-2011-0196.htmlnvd
- www.ubuntu.com/usn/USN-1042-1nvd
- www.vupen.com/english/advisories/2011/0066nvd
- www.vupen.com/english/advisories/2011/0077nvd
- www.vupen.com/english/advisories/2011/0198nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/64470nvd
News mentions
0No linked articles in our index yet.