IDG News Service - A newly unearthed bug in certain versions of the PHP scripting language could crash servers when the software is given the task of converting a large floating point number, raising the possibility that the glitch could be exploited by hackers.
The bug will cause the PHP processing software to enter an infinite loop when it tries to convert the series of digits "2.2250738585072011e-308" from the string format into the floating point format.
At least one PHP user has commented that a malicious user could crash a server running PHP by feeding this digit to the PHP processor through the language's get function.
The bug only seems to affect version 5.2 and 5.3 of the language, and only when they are run on Intel 32-bit CPUs that use the x87 instruction set.
To fix the problem, users can download patches for those versions or recompile PHP with additional flags for handling floating point digits.
Computer scientist Rick Regan first reported the bug on Monday, and the PHP development team issued patches the following day.
Regan speculated that this particular number is troublesome because it is the "largest subnormal double-precision floating-point number." In general, floating point digits are a challenge for developers to handle correctly, given the complex and differing techniques compilers and hardware instruction sets render such numbers.
- Use the Mobile App Mix to Choose an Enterprise App Store Strategy In this research report Gartner outlines how organizations can optimally secure, distribute, and manage mobile applications for employees and contracted workers.
- The Case for Mobile Apps Today's mobile apps turn handheld devices into e-book readers, portable navigation systems, digital wallets and more. And for organizations with mobile workers, they...
- The 5 Big Lies About Going Mobile You've heard about the power of mobile to change your business. But have you realized your mobile potential? It's about much more than...
- Transforming enterprise applications for mobile environments This new white paper explains how Dell Application Modernization and Development Solution Set can help you understand when to develop new mobile apps,...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Mobile Apps White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!