Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2010-4476

Disclosure Date: February 17, 2011 •

Description

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

sun

Products

References

Canonical

CVE-2010-4476 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476)

Advisory

SECUNIA-43295 (http://secunia.com/advisories/43295)

SECTRACK-1025062 (http://www.securitytracker.com/id?1025062)

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html

SECUNIA-43280 (http://secunia.com/advisories/43280)

http://www.redhat.com/support/errata/RHSA-2011-0210.html

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

GLSA-201406-32 (http://security.gentoo.org/glsa/glsa-201406-32.xml)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328

HPSBMU02799 (http://marc.info?l=bugtraq&m=134254866602253&w=2)

FEDORA-2011-1231 (http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html)

FEDORA-2011-1263 (http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html)

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html

HPSBNS02633 (http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475)

SSRT100387 (http://marc.info?l=bugtraq&m=129899347607632&w=2)

HPSBUX02860 (http://marc.info?l=bugtraq&m=136485229118404&w=2)

http://www.redhat.com/support/errata/RHSA-2011-0214.html

PM31983 (http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983)

SECUNIA-45555 (http://secunia.com/advisories/45555)

IZ94423 (http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423)

SECUNIA-43400 (http://secunia.com/advisories/43400)

SSRT100412 (http://marc.info?l=bugtraq&m=129960314701922&w=2)

HPSBMA02642 (http://marc.info?l=bugtraq&m=130514352726432&w=2)

SECUNIA-43378 (http://secunia.com/advisories/43378)

SECUNIA-45022 (http://secunia.com/advisories/45022)

http://www.redhat.com/support/errata/RHSA-2011-0333.html

ADV-2011-0422 (http://www.vupen.com/english/advisories/2011/0422)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

HPSBMU02690 (http://marc.info?l=bugtraq&m=131041767210772&w=2)

ADV-2011-0434 (http://www.vupen.com/english/advisories/2011/0434)

HPSBOV02762 (http://marc.info?l=bugtraq&m=133469267822771&w=2)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589

http://www.redhat.com/support/errata/RHSA-2011-0213.html

SSRT100627 (http://marc.info?l=bugtraq&m=132215163318824&w=2)

ADV-2011-0377 (http://www.vupen.com/english/advisories/2011/0377)

SECUNIA-44954 (http://secunia.com/advisories/44954)

HPSBOV02634 (http://marc.info?l=bugtraq&m=130497132406206&w=2)

ADV-2011-0365 (http://www.vupen.com/english/advisories/2011/0365)

http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html

http://www.redhat.com/support/errata/RHSA-2011-0880.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745

http://www.redhat.com/support/errata/RHSA-2011-0334.html

http://www.redhat.com/support/errata/RHSA-2011-0282.html

http://www-01.ibm.com/support/docview.wss?uid=swg21468358

SECUNIA-43048 (http://secunia.com/advisories/43048)

DSA-2161 (http://www.debian.org/security/2011/dsa-2161)

ADV-2011-0379 (http://www.vupen.com/english/advisories/2011/0379)

SECUNIA-43304 (http://secunia.com/advisories/43304)

http://www.redhat.com/support/errata/RHSA-2011-0211.html

SSRT100867 (http://marc.info?l=bugtraq&m=134254957702612&w=2)

SECUNIA-49198 (http://secunia.com/advisories/49198)

SECUNIA-43659 (http://secunia.com/advisories/43659)

http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

http://www.ibm.com/support/docview.wss?uid=swg24029498

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html

HPSBUX02777 (http://marc.info?l=bugtraq&m=133728004526190&w=2)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493

SECUNIA-43333 (http://secunia.com/advisories/43333)

HPSBUX02645 (http://marc.info?l=bugtraq&m=130168502603566&w=2)

http://www.redhat.com/support/errata/RHSA-2011-0212.html

HPSBUX02642 (http://marc.info?l=bugtraq&m=130270785502599&w=2)

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

ADV-2011-0605 (http://www.vupen.com/english/advisories/2011/0605)

HPSBTU02684 (http://marc.info?l=bugtraq&m=130497185606818&w=2)

http://www.ibm.com/support/docview.wss?uid=swg24029497

http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

Miscellaneous

http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308

http://blog.fortify.com/blog/2011/02/08/Double-Trouble

Rapid7

Technical Analysis