PT-2011-1580 · Oracle · Java Runtime Environment

Konstantin Preißer

Published 2011-02-11 · Updated 2022-05-14

CVE-2010-4476

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

Java Runtime Environment (JRE) versions 6 Update 23 and earlier
Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier
Java Runtime Environment (JRE) versions 1.4.2 Update 29 and earlier

Description

A remote attacker can cause a denial of service with a crafted decimal string that sends the conversion to a double-precision binary floating-point number into an infinite loop of estimations. The string 2.2250738585072012e-308 demonstrates the issue; the Double.parseDouble method is the affected entry point.

Recommendations

For Java Runtime Environment (JRE) versions 6 Update 23 and earlier, update to a version that includes the fix for this issue.
For Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier, update to a version that includes the fix for this issue.
For Java Runtime Environment (JRE) versions 1.4.2 Update 29 and earlier, update to a version that includes the fix for this issue.

As a temporary workaround, avoid calling Double.parseDouble on untrusted input until a patched version is installed.
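The temporary workaround above made concrete, as an added example that is not code from the advisory or the JRE: a guard in front of Double.parseDouble that refuses any untrusted decimal literal whose magnitude lies near the 2^-1022 boundary, so the string class the advisory describes never reaches the vulnerable conversion. The class name, the 64-character length limit and the 1e-300 cutoff are assumptions chosen for margin.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not from the advisory or the JRE. Rejects untrusted strings
// whose magnitude is near the 2^-1022 normal/subnormal boundary before they
// reach Double.parseDouble on an unpatched JRE. 1e-300 is an assumed cutoff.
public final class SafeDoubleParser {
    // Plain decimal literal only: sign, digits, optional fraction, optional
    // exponent. Hex floats, NaN, Infinity, whitespace and d/f suffixes are
    // not accepted from untrusted input.
    private static final Pattern DECIMAL = Pattern.compile(
        "([+-]?)(\\d*)(?:\\.(\\d*))?(?:[eE]([+-]?)(\\d{1,4}))?");
    private static final int MIN_SAFE_DECIMAL_EXPONENT = -300; // assumption

    public static double parseUntrusted(String s) {
        if (s == null || s.length() > 64) {                     // assumption
            throw new IllegalArgumentException("rejected: missing or too long");
        }
        Matcher m = DECIMAL.matcher(s);
        if (!m.matches()) {
            throw new IllegalArgumentException("rejected: not a plain decimal literal");
        }
        String intPart = m.group(2);
        String fracPart = m.group(3) == null ? "" : m.group(3);
        if (intPart.isEmpty() && fracPart.isEmpty()) {
            throw new IllegalArgumentException("rejected: no digits");
        }
        int exp = m.group(5) == null ? 0 : Integer.parseInt(m.group(5));
        if ("-".equals(m.group(4))) {
            exp = -exp;
        }
        // The most significant non-zero digit fixes the decimal magnitude;
        // leading zeros in a form like 0.000...x push it lower.
        String digits = intPart + fracPart;
        int firstNonZero = 0;
        while (firstNonZero < digits.length() && digits.charAt(firstNonZero) == '0') {
            firstNonZero++;
        }
        if (firstNonZero == digits.length()) {
            return Double.parseDouble(s); // an exact zero never enters the loop
        }
        int magnitude = exp + intPart.length() - 1 - firstNonZero;
        if (magnitude < MIN_SAFE_DECIMAL_EXPONENT) {
            throw new IllegalArgumentException(
                "rejected: magnitude 1e" + magnitude + " is inside the guard band");
        }
        return Double.parseDouble(s);
    }
}
```

The guard also refuses some legitimate tiny values, which is the price of the margin; once a fixed JRE is deployed it can be removed.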


Related Identifiers

CVE-2010-4476
DSA-2161-1
DSA-2161-2
GHSA-GVGC-RXMH-5HVW
HPSBUX02645
HPSBUX02725
HPSBUX02777
HPSBUX02860
RHSA-2011:0210
RHSA-2011:0211
RHSA-2011:0214
RHSA-2011:0282
RHSA-2011:0290
RHSA-2011:0291
RHSA-2011:0292
RHSA-2011:0299
RHSA-2011:0335
RHSA-2011:0336
RHSA-2011:0348
RHSA-2011:0349
RHSA-2011:0880

Affected Products

Hp-Ux
Java Platform
Java Runtime Environment
Red Hat