CVE-2010-4476

Published: 17 February 2011

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Priority

Status

Package	Release	Status
openjdk-6 Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Released (6b27-1.12.3-0ubuntu1~08.04.1)
	karmic	Released (6b20-1.9.7-0ubuntu1~9.10.1)
	lucid	Released (6b20-1.9.7-0ubuntu1~10.04.1)
	maverick	Released (6b20-1.9.7-0ubuntu1)
	natty	Released (6b22-1.10-0ubuntu1)
	oneiric	Released (6b22-1.10-0ubuntu1)
	upstream	Pending (6b22)
openjdk-6b18 Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	karmic	Released (6b18-1.8.7-0ubuntu1~9.10.1)
	lucid	Released (6b18-1.8.7-0ubuntu1~10.04.2)
	maverick	Released (6b18-1.8.7-0ubuntu2.1)
	natty	Released (6b18-1.8.7-0ubuntu5)
	oneiric	Released (6b18-1.8.7-0ubuntu5)
	upstream	Needs triage
sun-java5 Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Ignored (upstream sun-java5 is EoL)
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Needs triage
sun-java6 Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Released (6.24-1build0.8.04.1)
	karmic	Released (6.24-1build0.9.10.1)
	lucid	Released (6.24-1build0.10.04.1)
	maverick	Released (6.24-1build0.10.10.1)
	natty	Released (6.24-1build0.10.10.1)
	oneiric	Not vulnerable (6.26-1oneiric1)
	upstream	Released (6.24-1)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›