CVE-2010-4476

NameCVE-2010-4476
DescriptionThe Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2161-1, DSA-2161-2
NVD severitymedium (attack range: remote)
Debian Bugs612660

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openjdk-6 (PTS)wheezy, wheezy (security)6b38-1.13.10-1~deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjdk-6source(unstable)6b18-1.8.7-1medium612660
openjdk-6sourcelenny6b18-1.8.3-2~lenny1mediumDSA-2161-2
openjdk-6sourcesqueeze6b18-1.8.3-2+squeeze1mediumDSA-2161-1
sun-java6source(unstable)6.24-1medium

Notes

[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
Patch http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
Oracle http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Original report http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/

Search for package or bug name: Reporting problems