PHP floating point bug and you - You might DoS yourself from the inside out

[Qombat]

A vulnerability has been found in most 32-bit versions of PHP which causes the interpreter to hang when parsing a specific floating point number.

As a result, any script taking user input and treating it as a number is vulnerable to a DoS attack.

It takes next to no effort to initiate, and PHP on your machine will enter an infinite loop.

Fixes are being worked on but for now, if you don't need to work with floating point numbers, don't.

Vulnerable:

Code:

$id = (int)$_GET['x'];

Safe:

Code:

$id = (int)substr($_GET['x'], 0, strpos($_GET['x'], "."));

For reference, this is safe because it ignores everything past the decimal place.

-For user safety, I have been asked to remove the specific floating point number, along with the cause behind the action PHP takes.-

Trust me, if your site is public in any way shape or form, you'll thank me later.

[Livewire]

And stickied now that the actual exploit itself is removed

[Qombat]

Update:

The PHP team has released two new versions as of today: PHP versions 5.3.5 and 5.2.17. These versions contain the fix for the bug. If you are unable to update, I highly recommend continuing with the fix in the original post.

[callumacrae]

I thought they had discontinued support for PHP 5.2?

~Callum

[lemon-tree]

There's a difference between discontinuing development and releasing security patches. Whilst there won't be any new features added, there will still be security fixes where necessary. For example, I still get security patches for Leopard despite it not being the most current release.