The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2011-02-17T18:31:00
Updated: 2024-08-07T03:43:14.943Z
Reserved: 2010-12-06T00:00:00
Link: CVE-2010-4476
NVD
Status: Modified
Published: 2011-02-17T19:00:01.900
Modified: 2018-10-30T16:26:21.390
Link: CVE-2010-4476