Thread: Floating point DoS attack (PHP)
View Single Post
  #1   (View Single Post)  
Old 6th January 2011
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default Floating point DoS attack (PHP)
From http://www.h-online.com/security/new...k-1163838.html

Quote:
A bug in the way the PHP scripting language converts certain numbers may cause it to tie up all system resources. For example, on 32-bit systems, converting the string "2.2250738585072011e-308" into a floating point number using the function zend_strtod results in an infinite loop and consequent full utilisation of CPU resources.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote