CVE-2010-4476 is about a bug whereby inputting "2.2250738585072014e-308" or variations of it [1] to the java.lang.Double.parseDouble(String) method causes it to enter an infinite loop; control is not returned to the calling thread.
This bug can be used to cause remote unauthenticated denial of service on long-running servers by way of CPU time exhaustion and/or causing all threads of an application server's thread pool to enter infinite loops and become unable to service requests.
As Doki explained in comment #3, Ubuntu Lucid and Maverick are affected by the vulnerability caused by this bug. I also added Affects: openjdk-6, since the current version in Lucid (6b20-1.9.5-0ubuntu1~10.04.1) is affected.
Oracle has released a fix for this bug in the OpenJDK codebase [2].
[1] http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ (HTML)
[2] http://hg.openjdk.java.net/jdk7/tl/jdk/rev/82c8c54ac1d5 (patch)
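An added self-check, not part of the bug report or of OpenJDK, for verifying that a host's JRE actually received the fix: it runs parseDouble on the input quoted above in a daemon thread with a timeout, so a still-vulnerable runtime is reported instead of hanging the checker. The class name and the 5 s timeout are assumptions; a patched parser returns Double.MIN_NORMAL almost instantly.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

// Added example (not from the report or the JDK): tells whether the running JRE
// still loops forever on the CVE-2010-4476 input, e.g. to confirm that the
// openjdk-6 update landed on a server before it goes back into rotation.
public class ParseDoubleHangCheck {
    // Trigger string quoted in the report; a fixed parseDouble returns Double.MIN_NORMAL.
    static final String INPUT = "2.2250738585072014e-308";
    // Timeout is an assumption: a correct parse finishes in microseconds.
    static final long TIMEOUT_MS = 5000;

    /** Returns true if parseDouble returned the expected value in time, false if it hung. */
    static boolean parsesInTime(final String s) throws InterruptedException {
        final CountDownLatch done = new CountDownLatch(1);
        final double[] result = new double[1];
        Thread worker = new Thread(new Runnable() {
            public void run() {
                result[0] = Double.parseDouble(s);
                done.countDown();
            }
        });
        // Daemon thread: if the parse spins forever it does not keep the JVM alive,
        // so this checker can still exit and report the result.
        worker.setDaemon(true);
        worker.start();
        boolean returned = done.await(TIMEOUT_MS, TimeUnit.MILLISECONDS);
        return returned && result[0] == Double.MIN_NORMAL;
    }

    public static void main(String[] args) throws InterruptedException {
        if (parsesInTime(INPUT)) {
            System.out.println("OK: parseDouble returned; JRE is not affected by CVE-2010-4476");
        } else {
            System.out.println("VULNERABLE: parseDouble did not return within " + TIMEOUT_MS + " ms");
            System.exit(1);
        }
    }
}
```

Run it with the JRE under test (`javac ParseDoubleHangCheck.java && java ParseDoubleHangCheck`); a non-zero exit status means the package still needs the fix from [2].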