Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 14 May 2023 23:41:21 +0200
From: Solar Designer <>
Subject: Re: Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator?

On Mon, Apr 24, 2023 at 04:43:29PM +0300, Georgi Guninski wrote:
> Are there real world examples of vulnerabilities of this:
> CWE-1077: Floating Point Comparison with Incorrect Operator
> This issue can prevent the product from running reliably. If the
> relevant code is reachable by an attacker, then this reliability
> problem might introduce a vulnerability.
> One simple example in python:
> >>> A=(0.1+0.2)+0.3;B=0.1+(0.2+0.3);(A==B,A-B,A,B)
> (False, 1.1102230246251565e-16, 0.6000000000000001, 0.6)

See this thread:

"Since this problem stems from a single codebase, strtod.c, so it gets a
single CVE identifier (already assigned CVE-2010-4645).  The CVE
description will "blame" strtod.c and mention PHP, and any other
high-profile software that is discovered to use the same vulnerable,
shared code."

CVE-2010-4645 description currently in NVD is:

"strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17
and 5.3 before 5.3.5, and other products, allows context-dependent
attackers to cause a denial of service (infinite loop) via a certain
floating-point value in scientific notation, which is not properly
handled in x87 FPU registers, as demonstrated using

Interestingly, at least PHP's fix at the time wasn't to avoid the direct
comparison, but to avoid having the floating-point values stay in x87 FP
registers.  This should be sufficient to workaround GCC "bug" 323, but
it might not be robust across platforms and it does not fix CWE-1077.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.