> -----Original Message-----
> From: Daevid Vincent [mailto:dae...@daevid.com]
> Sent: Wednesday, January 05, 2011 11:36 AM
> To: php-general@lists.php.net
> Subject: [PHP] [security] PHP has DoS vuln with large decimal points
> The error in the way floating-point and double-precision numbers are
> handled sends 32-bit systems running Linux, Windows, and FreeBSD into an
> infinite loop that consumes 100 percent of their CPU's resources.
> Developers are still investigating, but they say the bug appears to affect
> versions 5.2 and 5.3 of PHP. They say it could be trivially exploited on
> websites to cause them to crash by adding long numbers to certain URLs.
> <?php $d = 2.2250738585072011e-308; ?>
> The crash is also triggered when the number is expressed without
> notation, with 324 decimal places.
> Read on...
> http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/
> --
> Daevid Vincent
> http://daevid.com
> There are only 11 types of people in this world. Those that think binary
> jokes are funny, those that don't, and those that don't know binary.

"The size of a float is platform-dependent, although a maximum of ~1.8e308
with a precision of roughly 14 decimal digits is a common value (the 64 bit
IEEE format)."  From [1].  The example given is clearly over the limit
within the PHP core.

This sounds like what I was mentioning before, in a different thread, about
URL hacking to induce buffer overflow.


[1] http://www.php.net/manual/en/language.types.float.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to