CVE - CVE-2010-4476

CVE-ID
CVE-2010-4476	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:http://blog.fortify.com/blog/2011/02/08/Double-Trouble MISC:http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ CONFIRM:http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html CONFIRM:http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21468358 CONFIRM:http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg24029497 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg24029498 CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html CONFIRM:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html AIXAPAR:IZ94423 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423 AIXAPAR:PM31983 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983 DEBIAN:DSA-2161 URL:http://www.debian.org/security/2011/dsa-2161 FEDORA:FEDORA-2011-1231 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html FEDORA:FEDORA-2011-1263 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html GENTOO:GLSA-201406-32 URL:http://security.gentoo.org/glsa/glsa-201406-32.xml HP:HPSBNS02633 URL:http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475 HP:SSRT100390 URL:http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475 HP:HPSBMA02642 URL:http://marc.info/?l=bugtraq&m=130514352726432&w=2 HP:HPSBMU02690 URL:http://marc.info/?l=bugtraq&m=131041767210772&w=2 HP:SSRT100415 URL:http://marc.info/?l=bugtraq&m=130514352726432&w=2 HP:SSRT100569 URL:http://marc.info/?l=bugtraq&m=131041767210772&w=2 HP:HPSBUX02641 URL:http://marc.info/?l=bugtraq&m=129960314701922&w=2 HP:SSRT100412 URL:http://marc.info/?l=bugtraq&m=129960314701922&w=2 HP:HPSBUX02725 URL:http://marc.info/?l=bugtraq&m=132215163318824&w=2 HP:SSRT100627 URL:http://marc.info/?l=bugtraq&m=132215163318824&w=2 HP:HPSBUX02860 URL:http://marc.info/?l=bugtraq&m=136485229118404&w=2 HP:SSRT101146 URL:http://marc.info/?l=bugtraq&m=136485229118404&w=2 HP:HPSBMU02797 URL:http://marc.info/?l=bugtraq&m=134254957702612&w=2 HP:HPSBOV02634 URL:http://marc.info/?l=bugtraq&m=130497132406206&w=2 HP:HPSBOV02762 URL:http://marc.info/?l=bugtraq&m=133469267822771&w=2 HP:HPSBTU02684 URL:http://marc.info/?l=bugtraq&m=130497185606818&w=2 HP:HPSBUX02633 URL:http://marc.info/?l=bugtraq&m=129899347607632&w=2 HP:HPSBUX02642 URL:http://marc.info/?l=bugtraq&m=130270785502599&w=2 HP:HPSBUX02645 URL:http://marc.info/?l=bugtraq&m=130168502603566&w=2 HP:HPSBUX02777 URL:http://marc.info/?l=bugtraq&m=133728004526190&w=2 HP:SSRT100387 URL:http://marc.info/?l=bugtraq&m=129899347607632&w=2 HP:SSRT100825 URL:http://marc.info/?l=bugtraq&m=133469267822771&w=2 HP:SSRT100854 URL:http://marc.info/?l=bugtraq&m=133728004526190&w=2 HP:SSRT100867 URL:http://marc.info/?l=bugtraq&m=134254957702612&w=2 HP:HPSBMU02799 URL:http://marc.info/?l=bugtraq&m=134254866602253&w=2 MANDRIVA:MDVSA-2011:054 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 REDHAT:RHSA-2011:0210 URL:http://www.redhat.com/support/errata/RHSA-2011-0210.html REDHAT:RHSA-2011:0211 URL:http://www.redhat.com/support/errata/RHSA-2011-0211.html REDHAT:RHSA-2011:0212 URL:http://www.redhat.com/support/errata/RHSA-2011-0212.html REDHAT:RHSA-2011:0213 URL:http://www.redhat.com/support/errata/RHSA-2011-0213.html REDHAT:RHSA-2011:0214 URL:http://www.redhat.com/support/errata/RHSA-2011-0214.html REDHAT:RHSA-2011:0282 URL:http://www.redhat.com/support/errata/RHSA-2011-0282.html REDHAT:RHSA-2011:0333 URL:http://www.redhat.com/support/errata/RHSA-2011-0333.html REDHAT:RHSA-2011:0334 URL:http://www.redhat.com/support/errata/RHSA-2011-0334.html REDHAT:RHSA-2011:0880 URL:http://www.redhat.com/support/errata/RHSA-2011-0880.html SUSE:SUSE-SA:2011:024 URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html SUSE:SUSE-SU-2011:0823 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html OVAL:oval:org.mitre.oval:def:12662 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662 OVAL:oval:org.mitre.oval:def:12745 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745 OVAL:oval:org.mitre.oval:def:14328 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328 OVAL:oval:org.mitre.oval:def:14589 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589 OVAL:oval:org.mitre.oval:def:19493 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493 SECTRACK:1025062 URL:http://www.securitytracker.com/id?1025062 SECUNIA:43048 URL:http://secunia.com/advisories/43048 SECUNIA:43280 URL:http://secunia.com/advisories/43280 SECUNIA:43295 URL:http://secunia.com/advisories/43295 SECUNIA:43304 URL:http://secunia.com/advisories/43304 SECUNIA:43333 URL:http://secunia.com/advisories/43333 SECUNIA:43378 URL:http://secunia.com/advisories/43378 SECUNIA:43400 URL:http://secunia.com/advisories/43400 SECUNIA:45555 URL:http://secunia.com/advisories/45555 SECUNIA:43659 URL:http://secunia.com/advisories/43659 SECUNIA:44954 URL:http://secunia.com/advisories/44954 SECUNIA:45022 URL:http://secunia.com/advisories/45022 SECUNIA:49198 URL:http://secunia.com/advisories/49198 VUPEN:ADV-2011-0365 URL:http://www.vupen.com/english/advisories/2011/0365 VUPEN:ADV-2011-0377 URL:http://www.vupen.com/english/advisories/2011/0377 VUPEN:ADV-2011-0379 URL:http://www.vupen.com/english/advisories/2011/0379 VUPEN:ADV-2011-0422 URL:http://www.vupen.com/english/advisories/2011/0422 VUPEN:ADV-2011-0434 URL:http://www.vupen.com/english/advisories/2011/0434 VUPEN:ADV-2011-0605 URL:http://www.vupen.com/english/advisories/2011/0605
Assigning CNA
N/A
Date Entry Created
20101206	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101206)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org