CVE-2010-4476
Description
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
45.147
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2010-4476 are affected in Java SE Development Kit (x64) 1.4.2_29 | Windows |
| Vulnerabilities CVE-2010-4476 are affected in Java SE Development Kit 1.4.2_29 | Windows |
| Vulnerabilities CVE-2010-4476 are affected in Java Runtime Environment 1.6 (x64) 1.6.23 | Windows |
| Vulnerabilities CVE-2010-4476 are affected in Java Runtime Environment 1.6 1.6.23 | Windows |
| Vulnerabilities CVE-2011-0534,CVE-2010-4476,CVE-2009-3555 are fixed in Apache - tomcat 6.0.32 | Windows |
| Vulnerabilities CVE-2010-4476 are fixed in Apache - tomcat 7.0.7 | Windows |
| Vulnerabilities CVE-2010-4476,CVE-2009-3555 are fixed in Apache - tomcat 5.5.33 | Windows |
| (RHSA-2011:0335) Important: tomcat6 security and bug fix update tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm | Linux |
| Vulnerabilities CVE-2011-0534,CVE-2010-4476,CVE-2009-3555 are fixed in Apache - tomcat for Linux 6.0.32 | Linux |
| Vulnerabilities CVE-2010-4476 are fixed in Apache - tomcat for Linux 7.0.7 | Linux |
| Vulnerabilities CVE-2010-4476,CVE-2009-3555 are fixed in Apache - tomcat for Linux 5.5.33 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2010-4476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476