JDK Double.parseDouble Denial-Of-Service

🗓️ 22 Feb 2011 17:22:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

Remote attackers can cause denial of service by crafting a string that makes Double.parseDouble loop.

Reporter	Title	Published	Views	Family All 229
IBM Security Bulletins	Security Bulletin: Denial of Service Security Exposure with Java causes JRE/JDK hang (CVE-2010-4476)	10 Sep 202015:43	–	ibm
Tenable Nessus	CentOS 5 : java-1.6.0-openjdk (CESA-2011:0214)	15 Apr 201100:00	–	nessus
Tenable Nessus	CentOS 5 : tomcat5 (CESA-2011:0336)	15 Apr 201100:00	–	nessus
Tenable Nessus	IBM DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities	23 Nov 201100:00	–	nessus
Tenable Nessus	IBM DB2 9.1 < Fix Pack 11 Multiple DoS	21 Jun 201200:00	–	nessus
Tenable Nessus	Debian DSA-2161-1 : openjdk-6 - denial of service	15 Feb 201100:00	–	nessus
Tenable Nessus	Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13 (2011-1231)	14 Feb 201100:00	–	nessus
Tenable Nessus	Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14 (2011-1263)	14 Feb 201100:00	–	nessus
Tenable Nessus	GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)	7 Nov 201100:00	–	nessus
Tenable Nessus	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	30 Jun 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	4	i386	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el4	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el4.i386.rpm
Red Hat Enterprise Linux	4	ppc	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el4	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el4.ppc.rpm
Red Hat Enterprise Linux	4	s390	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el4	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el4.s390.rpm
Red Hat Enterprise Linux	4	s390x	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el4	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el4.s390x.rpm
Red Hat Enterprise Linux	4	x86_64	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el4	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el4.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el5	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el5.i386.rpm
Red Hat Enterprise Linux	5	ppc	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el5	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el5.ppc.rpm
Red Hat Enterprise Linux	5	ppc64	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el5	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el5.ppc64.rpm
Red Hat Enterprise Linux	5	s390	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el5	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el5.s390.rpm
Red Hat Enterprise Linux	5	s390x	java-1.6.0-ibm	1:1.6.0.9.0-1jpp.4.el5	java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el5.s390x.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2010-4476
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2010-4476
cve	www.cve.org/CVERecord

28 Jun 2026 12:21Current

6.1Medium risk

Vulners AI Score6.1

CVSS 25

EPSS0.2349

double parse flaw denial of service remote attackers older java runtimes