JDK Double.parseDouble Denial-Of-Service

🗓️ 09 Mar 2011 18:44:00Reported by RedHatType

A crafted string can trigger an infinite loop in Double.parseDouble, causing denial of service in older Java.

Reporter	Title	Published	Views	Family All 229
IBM Security Bulletins	Security Bulletin: Denial of Service Security Exposure with Java causes JRE/JDK hang (CVE-2010-4476)	10 Sep 202015:43	–	ibm
Tenable Nessus	CentOS 5 : java-1.6.0-openjdk (CESA-2011:0214)	15 Apr 201100:00	–	nessus
Tenable Nessus	CentOS 5 : tomcat5 (CESA-2011:0336)	15 Apr 201100:00	–	nessus
Tenable Nessus	IBM DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities	23 Nov 201100:00	–	nessus
Tenable Nessus	IBM DB2 9.1 < Fix Pack 11 Multiple DoS	21 Jun 201200:00	–	nessus
Tenable Nessus	Debian DSA-2161-1 : openjdk-6 - denial of service	15 Feb 201100:00	–	nessus
Tenable Nessus	Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13 (2011-1231)	14 Feb 201100:00	–	nessus
Tenable Nessus	Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14 (2011-1263)	14 Feb 201100:00	–	nessus
Tenable Nessus	GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)	7 Nov 201100:00	–	nessus
Tenable Nessus	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	30 Jun 201400:00	–	nessus

Vulners

Node

AND

Node

AND

Source	Link
access	www.access.redhat.com/security/cve/CVE-2010-4476
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2010-4476
cve	www.cve.org/CVERecord

21 Nov 2025 17:37Current

6.1Medium risk

Vulners AI Score6.1

CVSS 25

EPSS0.39874