← Back to team overview

openjdk team mailing list archive

  1. openjdk team
  2. Mailing list archive
  3. Message #05341

[Bug 721027] [NEW] Infinite loop on Double.parseDouble("2.2250738585072014e-308")

  Thread PreviousDate PreviousThread Next 
*** This bug is a duplicate of bug 716689 ***
    https://bugs.launchpad.net/bugs/716689

*** This bug is a security vulnerability ***

Public security bug reported:

Sun's and now Oracle's Java VMs, and OpenJDK, have a bug whereby
inputting "2.2250738585072014e-308" or variations of it [1] to the
java.lang.Double.parseDouble(String) method causes it to enter an
infinite loop; control is not returned to the calling thread.

This bug can be used to cause remote denial of service on long-running
servers by way of CPU time exhaustion and/or causing all threads of an
application server's thread pool to enter infinite loops and becoming
unable to service requests.

Ubuntu Lucid and Maverick are affected by the vulnerability caused by
this bug.

Oracle has released a fix for this bug in the OpenJDK codebase [2].

[1] http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
[2] http://hg.openjdk.java.net/jdk7/tl/jdk/rev/82c8c54ac1d5

** Affects: openjdk-6 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: patch

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4476

** Visibility changed to: Public

** This bug has been marked a duplicate of bug 716689
   Security Alert For CVE-2010-4476 Released
 * You can subscribe to bug 716689 by following this link: https://bugs.launchpad.net/ubuntu/+source/sun-java6/+bug/716689/+subscribe

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/721027

Title:
  Infinite loop on Double.parseDouble("2.2250738585072014e-308")

Status in “openjdk-6” package in Ubuntu:
  New

Bug description:
  Sun's and now Oracle's Java VMs, and OpenJDK, have a bug whereby
  inputting "2.2250738585072014e-308" or variations of it [1] to the
  java.lang.Double.parseDouble(String) method causes it to enter an
  infinite loop; control is not returned to the calling thread.

  This bug can be used to cause remote denial of service on long-running
  servers by way of CPU time exhaustion and/or causing all threads of an
  application server's thread pool to enter infinite loops and becoming
  unable to service requests.

  Ubuntu Lucid and Maverick are affected by the vulnerability caused by
  this bug.

  Oracle has released a fix for this bug in the OpenJDK codebase [2].

  [1] http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
  [2] http://hg.openjdk.java.net/jdk7/tl/jdk/rev/82c8c54ac1d5

Follow ups

References

  Thread PreviousDate PreviousThread Next