JDK Double.parseDouble Denial-Of-Service

🗓️ 11 Feb 2011 00:44:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

Java double parsing can cause denial of service via a crafted string triggering an infinite loop.

Reporter	Title	Published	Views	Family All 229
IBM Security Bulletins	Security Bulletin: Denial of Service Security Exposure with Java causes JRE/JDK hang (CVE-2010-4476)	10 Sep 202015:43	–	ibm
Tenable Nessus	CentOS 5 : java-1.6.0-openjdk (CESA-2011:0214)	15 Apr 201100:00	–	nessus
Tenable Nessus	CentOS 5 : tomcat5 (CESA-2011:0336)	15 Apr 201100:00	–	nessus
Tenable Nessus	IBM DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities	23 Nov 201100:00	–	nessus
Tenable Nessus	IBM DB2 9.1 < Fix Pack 11 Multiple DoS	21 Jun 201200:00	–	nessus
Tenable Nessus	Debian DSA-2161-1 : openjdk-6 - denial of service	15 Feb 201100:00	–	nessus
Tenable Nessus	Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13 (2011-1231)	14 Feb 201100:00	–	nessus
Tenable Nessus	Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14 (2011-1263)	14 Feb 201100:00	–	nessus
Tenable Nessus	GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)	7 Nov 201100:00	–	nessus
Tenable Nessus	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	30 Jun 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk	1:1.6.0.0-1.18.b17.el5	java-1.6.0-openjdk-1:1.6.0.0-1.18.b17.el5.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk	1:1.6.0.0-1.18.b17.el5	java-1.6.0-openjdk-1:1.6.0.0-1.18.b17.el5.x86_64.rpm
Red Hat Enterprise Linux	6	i686	java-1.6.0-openjdk	1:1.6.0.0-1.36.b17.el6_0	java-1.6.0-openjdk-1:1.6.0.0-1.36.b17.el6_0.i686.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.6.0-openjdk	1:1.6.0.0-1.36.b17.el6_0	java-1.6.0-openjdk-1:1.6.0.0-1.36.b17.el6_0.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-1.18.b17.el5	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.18.b17.el5.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-1.18.b17.el5	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.18.b17.el5.x86_64.rpm
Red Hat Enterprise Linux	6	i686	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-1.36.b17.el6_0	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.36.b17.el6_0.i686.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-1.36.b17.el6_0	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.36.b17.el6_0.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk-demo	1:1.6.0.0-1.18.b17.el5	java-1.6.0-openjdk-demo-1:1.6.0.0-1.18.b17.el5.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk-demo	1:1.6.0.0-1.18.b17.el5	java-1.6.0-openjdk-demo-1:1.6.0.0-1.18.b17.el5.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2010-4476
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2010-4476
cve	www.cve.org/CVERecord

21 Nov 2025 17:37Current

6.1Medium risk

Vulners AI Score6.1

CVSS 25

EPSS0.39874

double parsing vulnerability denial of service crafted string infinite loop java parsing