Description
A flaw was found in the way PHP converted certain floating point values
from string representation to a number. If a PHP script evaluated an
attacker's input in a numeric context, the PHP interpreter could cause high
CPU usage until the script execution time limit is reached. This issue only
affected i386 systems. (CVE-2010-4645)
A stack memory exhaustion flaw was found in the way the PHP filter_var()
function validated email addresses. An attacker could use this flaw to
crash the PHP interpreter by providing excessively long input to be
validated as an email address. (CVE-2010-3710)
A memory disclosure flaw was found in the PHP multi-byte string extension.
If the mb_strcut() function was called with a length argument exceeding the
input string size, the function could disclose a portion of the PHP
interpreter's memory. (CVE-2010-4156)