CVE 2010-4476
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072
Related bugs and status
CVE-2010-4476 (Candidate) is related to these bugs:
Bug #716689: Security Alert For CVE-2010-4476 Released
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 716689 | Security Alert For CVE-2010-4476 Released | sun-java6 (Ubuntu) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | openjdk-6 (Ubuntu) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | openjdk-6 (Ubuntu Hardy) | Medium | Won't Fix | ||
| 716689 | Security Alert For CVE-2010-4476 Released | sun-java6 (Ubuntu Hardy) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | openjdk-6 (Ubuntu Karmic) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | sun-java6 (Ubuntu Karmic) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | openjdk-6 (Ubuntu Lucid) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | sun-java6 (Ubuntu Lucid) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | openjdk-6 (Ubuntu Maverick) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | sun-java6 (Ubuntu Maverick) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | openjdk-6 (Ubuntu Natty) | Medium | Fix Released | ||
| 716689 | Security Alert For CVE-2010-4476 Released | sun-java6 (Ubuntu Natty) | Medium | Fix Released | ||
Bug #721027: Infinite loop on Double.parseDouble("2.2250738585072014e-308")
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 721027 | Infinite loop on Double.parseDouble("2.2250738585072014e-308") | openjdk-6 (Ubuntu) | Undecided | New | ||
Bug #726845: [natty] icedtea6-plugin uninstallable on armel
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 726845 | [natty] icedtea6-plugin uninstallable on armel | openjdk-6b18 (Ubuntu) | High | Fix Released | ||
| 726845 | [natty] icedtea6-plugin uninstallable on armel | openjdk-6 (Ubuntu) | High | Invalid | ||
| 726845 | [natty] icedtea6-plugin uninstallable on armel | openjdk-6 (Ubuntu Natty) | High | Invalid | ||
| 726845 | [natty] icedtea6-plugin uninstallable on armel | openjdk-6b18 (Ubuntu Natty) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
