Lucene search

Veracode Vulnerability DatabaseVERACODE:11228

HistoryJan 15, 2019 - 8:58 a.m.

Denial Of Service (DoS)

2019-01-1508:58:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.97

Percentile

99.7%

JSON

php is vulnerable to denial of service (DoS) attacks. The vulnerability exists through an Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

References

cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

rhn.redhat.com/errata/RHSA-2014-0311.html

rhn.redhat.com/errata/RHSA-2014-0312.html

secunia.com/advisories/37431

secunia.com/advisories/37682

secunia.com/advisories/37683

secunia.com/advisories/38066

secunia.com/advisories/38977

secunia.com/advisories/39001

secunia.com/secunia_research/2009-35/

securityreason.com/achievement_securityalert/63

securityreason.com/achievement_securityalert/69

securityreason.com/achievement_securityalert/71

securityreason.com/achievement_securityalert/72

securityreason.com/achievement_securityalert/73

securityreason.com/achievement_securityalert/75

securityreason.com/achievement_securityalert/76

securityreason.com/achievement_securityalert/77

securityreason.com/achievement_securityalert/78

securityreason.com/achievement_securityalert/81

securitytracker.com/id?1022478

sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1

support.apple.com/kb/HT4077

support.apple.com/kb/HT4225

www.mandriva.com/security/advisories?name=MDVSA-2009:294

www.mandriva.com/security/advisories?name=MDVSA-2009:330

www.mozilla.org/security/announce/2009/mfsa2009-59.html

www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c

www.opera.com/support/kb/view/942/

www.redhat.com/support/errata/RHSA-2009-1601.html

www.redhat.com/support/errata/RHSA-2010-0153.html

www.redhat.com/support/errata/RHSA-2010-0154.html

www.securityfocus.com/archive/1/507977/100/0/threaded

www.securityfocus.com/archive/1/507979/100/0/threaded

www.securityfocus.com/archive/1/508417/100/0/threaded

www.securityfocus.com/archive/1/508423/100/0/threaded

www.securityfocus.com/bid/35510

www.ubuntu.com/usn/USN-915-1

www.vupen.com/english/advisories/2009/3297

www.vupen.com/english/advisories/2009/3299

www.vupen.com/english/advisories/2009/3334

www.vupen.com/english/advisories/2010/0094

www.vupen.com/english/advisories/2010/0648

www.vupen.com/english/advisories/2010/0650

access.redhat.com/security/updates/classification/#critical

bugzilla.mozilla.org/show_bug.cgi?id=516396

bugzilla.mozilla.org/show_bug.cgi?id=516862

bugzilla.redhat.com/show_bug.cgi?id=1057555

lists.debian.org/debian-lts-announce/2018/11/msg00001.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541