Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 350908 (CVE-2010-4645) - <dev-lang/php-{5.2.17,5.3.5}: DoS (hang) due to incorrect floating point handling (CVE-2010-4645)
Summary: <dev-lang/php-{5.2.17,5.3.5}: DoS (hang) due to incorrect floating point hand...
Alias: CVE-2010-4645
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on: 350747
Blocks: CVE-2010-3710
  Show dependency tree
Reported: 2011-01-06 23:47 UTC by Matti Bickel (RETIRED)
Modified: 2011-10-10 20:44 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Matti Bickel (RETIRED) gentoo-dev 2011-01-06 23:47:36 UTC
The linked bug report has more detail. The gist is: php enters an infinite loop when
(a) presented a specific floating point number
(b) it processes that number with the x87 FPU

According to the php website, only 32 bit processes are affected. Additionally, using SSE or MMX mitigates the risk. Users who use "-mfpmath=sse" in their CFLAGS should still be fine.

I've uploaded the new upstream releases.

One more info: since Sektion Eins has not released a new suhosin patch (yet), I've used the one for 5.3.4/5.2.16, which still applies cleanly.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-01-07 00:05:43 UTC
Per this was assigned CVE-2010-4645.

And from #gentoo-dev:

2011-01-06 17:57 <@mabi> aright, i removed the freshly added 5.3.4-r1 and 5.2.16-r1, too, since they serve no purpose now


2011-01-06 17:59 <@mabi> also note the updated dep on eselect-php-0.6.2 which fixes the annoying upgrade fail
2011-01-06 17:59 <@mabi> it needs to go stable along php
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-01-07 00:11:08 UTC
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Target keywords : "amd64 hppa x86"

Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ppc64 x86"

Comment 3 Alex Buell 2011-01-07 01:52:08 UTC
Tested on SPARC:


Tested with a simple phpinfo() page and with phpsysinfo-2.5.4-r1 (also filed bug for stabilisation as phpsysinfo-2.5.4 will not work with php-5.3.5). All appears well, even though php-5.3.5 is not keyworded for SPARC. 

Take note, app-admin/eselect-php-0.6.2 must be keyworded for SPARC, otherwise how will dev-lang/php-5.2.17 will work? 
Comment 4 Agostino Sarubbo gentoo-dev 2011-01-07 16:17:18 UTC
amd64 ok
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2011-01-07 17:35:16 UTC
amd64 done. Thanks Agostino
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2011-01-07 20:06:51 UTC
x86 stable
Comment 7 Markus Meier gentoo-dev 2011-01-08 21:18:38 UTC
arm stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2011-01-09 13:54:44 UTC
ppc done
Comment 9 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-10 09:42:14 UTC
ppc64 stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2011-01-11 19:20:27 UTC
Stable for HPPA.
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2011-01-30 16:04:09 UTC
alpha/ia64/s390/sh/sparc stable
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-01-30 18:00:21 UTC
Thanks, folks. Added to existing GLSA request.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:36:55 UTC
CVE-2010-4645 (
  strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and
  5.3 before 5.3.5, and other products, allows context-dependent attackers to
  cause a denial of service (infinite loop) via a certain floating-point value
  in scientific notation, which is not properly handled in x87 FPU registers,
  as demonstrated using 2.2250738585072011e-308.
Comment 14 Tobias Heinlein (RETIRED) gentoo-dev 2011-10-10 20:44:59 UTC
This issue was resolved and addressed in
 GLSA 201110-06 at
by GLSA coordinator Tobias Heinlein (keytoaster).