CVE-2010-4476 is about a bug whereby inputting "2.2250738585072014e-308" or variations of it [1] to the java.lang.Double.parseDouble(String) method causes it to enter an infinite loop; control is not returned to the calling thread.
This bug can be used to cause remote unauthenticated denial of service on long-running servers by way of CPU time exhaustion and/or causing all threads of an application server's thread pool to enter infinite loops and becoming unable to service requests. As Doki explained in comment #3, Ubuntu Lucid and Maverick are affected by the vulnerability caused by this bug. I also added Affects: openjdk-6, since the current version in Lucid (6b20-1.9.5-0ubuntu1~10.04.1) is affected. Oracle has released a fix for this bug in the OpenJDK codebase [2]. [1] http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ (HTML) [2] http://hg.openjdk.java.net/jdk7/tl/jdk/rev/82c8c54ac1d5 (patch) ** Also affects: openjdk-6 (Ubuntu) Importance: Undecided Status: New ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716689 Title: Security Alert For CVE-2010-4476 Released -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
