Описание
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 6b22-1.10-0ubuntu1 |
| hardy | released | 6b27-1.12.3-0ubuntu1~08.04.1 |
| karmic | released | 6b20-1.9.7-0ubuntu1~9.10.1 |
| lucid | released | 6b20-1.9.7-0ubuntu1~10.04.1 |
| maverick | released | 6b20-1.9.7-0ubuntu1 |
| natty | released | 6b22-1.10-0ubuntu1 |
| oneiric | released | 6b22-1.10-0ubuntu1 |
| upstream | pending | 6b22 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 6b18-1.8.7-0ubuntu5 |
| hardy | DNE | |
| karmic | released | 6b18-1.8.7-0ubuntu1~9.10.1 |
| lucid | released | 6b18-1.8.7-0ubuntu1~10.04.2 |
| maverick | released | 6b18-1.8.7-0ubuntu2.1 |
| natty | released | 6b18-1.8.7-0ubuntu5 |
| oneiric | released | 6b18-1.8.7-0ubuntu5 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| hardy | ignored | end of life |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 6.24-1build0.8.04.1 |
| karmic | released | 6.24-1build0.9.10.1 |
| lucid | released | 6.24-1build0.10.04.1 |
| maverick | released | 6.24-1build0.10.10.1 |
| natty | released | 6.24-1build0.10.10.1 |
| oneiric | not-affected | 6.26-1oneiric1 |
| upstream | released | 6.24-1 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
The Double.parseDouble method in Java Runtime Environment (JRE) in Ora ...
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
EPSS
5 Medium
CVSS2