Candidate: CVE-2010-4645
PublicDate: 2011-01-11 03:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
Description:
 strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and
 5.3 before 5.3.5, and other products, allows context-dependent attackers to
 cause a denial of service (infinite loop) via a certain floating-point
 value in scientific notation, which is not properly handled in x87 FPU
 registers, as demonstrated using 2.2250738585072011e-308.
Ubuntu-Description:
Notes:
 sbeattie> unabele to reproduce on 9.10 and before; however, the code in
  question looks like it ought to be vulnerable. Looking at the compiler
  flag differences between lucid and karmic's builds didn't show any obvious
  reason why karmic wouldn't be affected. Released an update for all
  releases anyway.
Bugs:
Priority: medium
Discovered-by:
Assigned-to: sbeattie
CVSS: 

Patches_php5:
upstream_php5: released (5.2.17)
dapper_php5: released (5.1.2-1ubuntu3.20)
hardy_php5: released (5.2.4-2ubuntu5.13)
karmic_php5: released (5.2.10.dfsg.1-2ubuntu6.6)
lucid_php5: released (5.3.2-1ubuntu4.6)
maverick_php5: released (5.3.3-1ubuntu9.2)
devel_php5: released (5.3.3-1ubuntu12)