Infinite loop on Double.parseDouble("2.2250738585072014e-308")

Bug #721027 reported by Louis Simard
This bug affects 1 person
Affects: openjdk-6 (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Sun's and now Oracle's Java VMs, and OpenJDK, have a bug whereby inputting "2.2250738585072014e-308" or variations of it [1] to the java.lang.Double.parseDouble(String) method causes it to enter an infinite loop; control is not returned to the calling thread.

This bug can be used to cause remote denial of service on long-running servers by way of CPU time exhaustion and/or causing all threads of an application server's thread pool to enter infinite loops and become unable to service requests.

Ubuntu Lucid and Maverick are affected by the vulnerability caused by this bug.

Oracle has released a fix for this bug in the OpenJDK codebase [2].

[1] http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
[2] http://hg.openjdk.java.net/jdk7/tl/jdk/rev/82c8c54ac1d5

Tags: patch
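
Added example, not part of the report or of the OpenJDK fix in [2]: a pre-parse screen for an unpatched JVM that compares the input as a BigDecimal and refuses strings whose magnitude falls in a band around the value quoted above, before they reach Double.parseDouble. The band limits, the 64-character cap and the class name GuardedDoubleParser are assumptions for illustration; the report does not define the exact triggering inputs, so the screen is a stopgap and the fix in [2] remains the remedy.

```java
import java.math.BigDecimal;

// Added example (not from the bug report or OpenJDK): screen a string before Double.parseDouble.
public class GuardedDoubleParser {
    // ASSUMPTION: band chosen for illustration around the value quoted in the report;
    // the report does not define the exact set of triggering "variations".
    private static final BigDecimal BAND_LOW  = new BigDecimal("2.2250738585072011e-308");
    private static final BigDecimal BAND_HIGH = new BigDecimal("2.2250738585072015e-308");
    private static final int MAX_LEN = 64; // hypothetical cap; longer inputs are refused

    public static double parse(String s) {
        if (s == null || s.length() > MAX_LEN) {
            throw new NumberFormatException("refused: missing or over-long input");
        }
        String t = s.trim();
        // parseDouble tolerates one trailing d/D/f/F suffix; strip it so the screen sees the same digits.
        if (!t.isEmpty() && "dDfF".indexOf(t.charAt(t.length() - 1)) >= 0) {
            t = t.substring(0, t.length() - 1);
        }
        BigDecimal magnitude;
        try {
            magnitude = new BigDecimal(t).abs();
        } catch (NumberFormatException e) {
            // Fail closed: NaN, Infinity and hex forms are refused rather than passed on unscreened.
            throw new NumberFormatException("refused: not a plain decimal literal");
        }
        if (magnitude.compareTo(BAND_LOW) >= 0 && magnitude.compareTo(BAND_HIGH) <= 0) {
            throw new NumberFormatException("refused: inside screened band");
        }
        return Double.parseDouble(t);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = { "3.14", "-1e-5", "2.2250738585072014e-308",
                             "-2.2250738585072014E-308d", "NaN" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + parse(s));
            } catch (NumberFormatException e) {
                System.out.println(s + " -> " + e.getMessage());
            }
        }
    }
}
```

The screen fails closed, so callers that legitimately need NaN, Infinity or hexadecimal floating-point literals must handle those forms separately.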

visibility: private → public
This report contains Public Security information  
Everyone can see this security related information.
