openjdk team mailing list archive
Message #05342
[Bug 716689] Re: Security Alert For CVE-2010-4476 Released
CVE-2010-4476 is about a bug whereby inputting "2.2250738585072014e-308"
or variations of it [1] to the java.lang.Double.parseDouble(String)
method causes it to enter an infinite loop; control is not returned to
the calling thread.
This bug can be used to cause remote unauthenticated denial of service
on long-running servers by way of CPU time exhaustion and/or causing all
threads of an application server's thread pool to enter infinite loops
and become unable to service requests.
As Doki explained in comment #3, Ubuntu Lucid and Maverick are affected
by the vulnerability caused by this bug. I also added Affects:
openjdk-6, since the current version in Lucid
(6b20-1.9.5-0ubuntu1~10.04.1) is affected.
Oracle has released a fix for this bug in the OpenJDK codebase [2].
[1] http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ (HTML)
[2] http://hg.openjdk.java.net/jdk7/tl/jdk/rev/82c8c54ac1d5 (patch)
** Also affects: openjdk-6 (Ubuntu)
Importance: Undecided
Status: New
** Tags added: patch
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/716689
Title:
Security Alert For CVE-2010-4476 Released
Status in “openjdk-6” package in Ubuntu:
New
Status in “sun-java6” package in Ubuntu:
Confirmed
Bug description:
http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
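
Added example, not part of the original message and not OpenJDK code: a stopgap input guard for services that must parse untrusted decimal strings on a JVM that does not yet carry the fix in [2]. The class and method names are hypothetical, and matching on the leading sixteen significant digits is an assumed, conservative heuristic that also rejects harmless values sharing those digits.

```java
public class ParseDoubleGuard {
    // Leading significant digits shared by the literal quoted in the message
    // and the one in the URL of reference [1]. Assumption: matching on this
    // prefix is a conservative heuristic, so it also rejects harmless values
    // that merely begin with the same sixteen digits.
    private static final String RISKY_PREFIX = "2225073858507201";

    // True if the mantissa digits (sign, decimal point, leading zeros and
    // exponent ignored) start with RISKY_PREFIX.
    static boolean looksRisky(String s) {
        StringBuilder digits = new StringBuilder();
        for (int i = 0; i < s.length() && digits.length() < RISKY_PREFIX.length(); i++) {
            char c = s.charAt(i);
            if (c == 'e' || c == 'E') break;                 // exponent does not matter
            if (c < '0' || c > '9') continue;                // sign, '.', whitespace
            if (c == '0' && digits.length() == 0) continue;  // leading zero
            digits.append(c);
        }
        return digits.toString().equals(RISKY_PREFIX);
    }

    // Rejects suspicious input before it can reach Double.parseDouble.
    static double safeParseDouble(String s) {
        if (s == null || looksRisky(s)) {
            throw new NumberFormatException("rejected by CVE-2010-4476 input guard");
        }
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the literal from the message, two
        // re-scaled spellings of the literal in reference [1], and two
        // benign values.
        String[] samples = {
            "2.2250738585072014e-308",
            "0.00022250738585072012e-304",
            "22250738585072012e-324",
            "3.14159",
            "1e-308"
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + safeParseDouble(s));
            } catch (NumberFormatException e) {
                System.out.println(s + " -> " + e.getMessage());
            }
        }
    }
}
```

The guard only keeps flagged strings away from the parser at call sites that use it; any code path that still calls Double.parseDouble directly stays exposed until the patched JDK is installed.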