CVE-2010-4476

Severity

50%

Complexity

99%

Confidentiality

48%

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 14 years ago

2011-02-17 19:00:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sun JRE 1.6.0

1.6.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 10

1.6.0

Sun JRE 1.6.0 Update 11

1.6.0

Sun JRE 1.6.0 Update 12

1.6.0

Sun JRE 1.6.0 Update 13

1.6.0

Sun JRE 1.6.0 Update 14

1.6.0

Sun JRE 1.6.0 Update 15

1.6.0

Sun JRE 1.6.0 Update 16

1.6.0

Sun JRE 1.6.0 Update 17

1.6.0

Sun JRE 1.6.0 Update 18

1.6.0

Sun JRE 1.6.0 Update 19

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun JRE 1.6.0 Update 20

1.6.0

Sun JRE 1.6.0 Update 21

1.6.0

Sun JRE 1.6.0 Update 3

1.6.0

Sun JRE 1.6.0 Update 4

1.6.0

Sun JRE 1.6.0 Update 5

1.6.0

Sun JRE 1.6.0 Update 6

1.6.0

Sun JRE 1.6.0 Update 7

1.6.0

Sun JDK 1.6.0

1.6.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 1.6.0_01-b06

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun JDK 1.6.0 Update 10

1.6.0

Sun JDK 1.6.0 Update 11

1.6.0

Sun JDK 1.6.0 Update 12

1.6.0

Sun JDK 1.6.0 Update 13

1.6.0

Sun JDK 1.6.0 Update 14

1.6.0

Sun JDK 1.6.0 Update 15

1.6.0

Sun JDK 1.6.0 Update 16

1.6.0

Sun JDK 1.6.0 Update 17

1.6.0

Sun JDK 1.6.0 Update 18

1.6.0

Sun JDK 1.6.0 Update 19

1.6.0

Sun JDK 1.6.0 Update 20

1.6.0

Sun JDK 1.6.0 Update 21

1.6.0

Sun JDK 1.6.0 Update 3

1.6.0

Sun JDK 1.6.0 Update 4

1.6.0

Sun JDK 1.6.0 Update 5

1.6.0

Sun JDK 1.6.0 Update 6

1.6.0

Sun JDK 1.6.0 Update 7

1.6.0

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update 13

1.5.0

Sun JDK 5.0 Update 14

1.5.0

Sun JDK 5.0 Update 15

1.5.0

Sun JDK 5.0 Update 16

1.5.0

Sun JDK 5.0 Update 17

1.5.0

Sun JDK 5.0 Update 18

1.5.0

Sun JDK 5.0 Update 19

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update 20

1.5.0

Sun JDK 5.0 Update 21

1.5.0

Sun JDK 5.0 Update 22

1.5.0

Sun JDK 5.0 Update 23

1.5.0

Sun JDK 5.0 Update 24

1.5.0

Sun JDK 5.0 Update 25

1.5.0

Sun JDK 5.0 Update 26

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

SDK 1.4.2

1.4.2

Sun SDK 1.4.2_1

1.4.2_1

SDK 1.4.2_02

1.4.2_02

Sun SDK 1.4.2_3

1.4.2_3

Sun SDK 1.4.2_4

1.4.2_4

Sun SDK 1.4.2_5

1.4.2_5

Sun SDK 1.4.2_6

1.4.2_6

Sun SDK 1.4.2_7

1.4.2_7

Sun SDK 1.4.2_8

1.4.2_8

Sun SDK 1.4.2_9

1.4.2_9

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

Sun SDK 1.4.2_15

1.4.2_15

Sun SDK 1.4.2_16

1.4.2_16

Sun SDK1.4.2_17

1.4.2_17

Sun SDK1.4.2_18

1.4.2_18

Sun SDK 1.4.2_19

1.4.2_19

Sun SDK 1.4.2_20

1.4.2_20

Sun SDK 1.4.2_21

1.4.2_21

SDK 1.4.2_22

1.4.2_22

Sun SDK 1.4.2_23

1.4.2_23

Sun SDK 1.4.2_24

1.4.2_24

Sun SDK 1.4.2_25

1.4.2_25

Sun SDK 1.4.2_26

1.4.2_26

Sun SDK 1.4.2_27

1.4.2_27

Sun SDK

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_13 (JRE 5.0 Update 13)

1.5.0

Sun JRE 1.5.0_14 (JRE 5.0 Update 14)

1.5.0

Sun JRE 1.5.0_15 (JRE 5.0 Update 15)

1.5.0

Sun JRE 1.5.0_16 (JRE 5.0 Update 16)

1.5.0

Sun JRE 1.5.0_17 (JRE 5.0 Update 17)

1.5.0

Sun JRE 1.5.0_18 (JRE 5.0 Update 18)

1.5.0

Sun JRE 1.5.0_19 (JRE 5.0 Update 19)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_20 (JRE 5.0 Update 20)

1.5.0

Sun JRE 1.5.0_21 (JRE 5.0 Update 21)

1.5.0

Sun JRE 1.5.0_22 (JRE 5.0 Update 22)

1.5.0

Sun JRE 1.5.0_23 (JRE 5.0 Update 23)

1.5.0

Sun JRE 1.5.0_24 (JRE 5.0 Update 24)

1.5.0

Sun JRE 1.5.0_25 (JRE 5.0 Update 25)

1.5.0

Sun JRE 1.5.0_26 (JRE 5.0 Update 26)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_2

1.4.2_2

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_4

1.4.2_4

Sun JRE 1.4.2_5

1.4.2_5

Sun JRE 1.4.2_6

1.4.2_6

Sun JRE 1.4.2_7

1.4.2_7

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.4.2_16

1.4.2_16

Sun JRE 1.4.2_17

1.4.2_17

Sun JRE 1.4.2_18

1.4.2_18

Sun JRE 1.4.2_19

1.4.2_19

Sun JRE 1.4.2_20

1.4.2_20

Sun JRE 1.4.2_21

1.4.2_21

Sun JRE 1.4.2_22

1.4.2_22

Sun JRE 1.4.2_23

1.4.2_23

Sun JRE 1.4.2_24

1.4.2_24

Sun JRE 1.4.2_25

1.4.2_25

Sun JRE 1.4.2_26

1.4.2_26

Sun JRE 1.4.2_27

1.4.2_27

Sun JRE 1.4.2_28

1.4.2_28

Sun JRE

References

http://blog.fortify.com/blog/2011/02/08/Double-Trouble

http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html

FEDORA-2011-1231

FEDORA-2011-1263

SUSE-SA:2011:024

SUSE-SU-2011:0823

SSRT100387

SSRT100412

HPSBUX02645

HPSBUX02642

HPSBOV02634

HPSBTU02684

HPSBMA02642

HPSBMU02690

SSRT100627

HPSBOV02762

HPSBUX02777

HPSBMU02799

SSRT100867

HPSBUX02860

43048

Vendor Advisory

43280

Vendor Advisory

43295

Vendor Advisory

43304

Vendor Advisory

43333

Vendor Advisory

43378

Vendor Advisory

43400

Vendor Advisory

43659

Vendor Advisory

44954

45022

45555

Vendor Advisory

49198

GLSA-201406-32

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

DSA-2161

http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html

http://www.ibm.com/support/docview.wss?uid=swg24029497

http://www.ibm.com/support/docview.wss?uid=swg24029498

MDVSA-2011:054

http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

Patch, Vendor Advisory

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Patch, Vendor Advisory

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

Patch, Vendor Advisory

RHSA-2011:0210

Vendor Advisory

RHSA-2011:0211

Vendor Advisory

RHSA-2011:0212

Vendor Advisory

RHSA-2011:0213

Vendor Advisory

RHSA-2011:0214

Vendor Advisory

RHSA-2011:0282

Vendor Advisory

RHSA-2011:0333

Vendor Advisory

RHSA-2011:0334

Vendor Advisory

RHSA-2011:0880

Vendor Advisory

1025062

ADV-2011-0365

Vendor Advisory

ADV-2011-0377

Vendor Advisory

ADV-2011-0379

Vendor Advisory

ADV-2011-0422

Vendor Advisory

ADV-2011-0434

Vendor Advisory

ADV-2011-0605

Vendor Advisory

IZ94423

PM31983

http://www-01.ibm.com/support/docview.wss?uid=swg21468358

HPSBNS02633

oval:org.mitre.oval:def:12662

oval:org.mitre.oval:def:12745

oval:org.mitre.oval:def:14328

oval:org.mitre.oval:def:14589

oval:org.mitre.oval:def:19493
