CVE-2010-4476

Summary

CVE: CVE-2010-4476
State: PUBLISHED
Assigner: oracle
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2011-02-17 19:00:01 UTC
Updated: 2026-04-29 01:13:23 UTC
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem Types: NVD-CWE-Other | n/a

CVSS v2.0 Breakdown

Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality: None
Integrity: None
Availability: Partial

NVD Known Affected Configurations (CPE 2.3)

Type Vendor Product Version Update Edition Language
Application Sun Jdk 1.5.0 All All All
Application Sun Jdk 1.5.0 update1 All All
Application Sun Jdk 1.5.0 update10 All All
Application Sun Jdk 1.5.0 update11 All All
Application Sun Jdk 1.5.0 update12 All All
Application Sun Jdk 1.5.0 update13 All All
Application Sun Jdk 1.5.0 update14 All All
Application Sun Jdk 1.5.0 update15 All All
Application Sun Jdk 1.5.0 update16 All All
Application Sun Jdk 1.5.0 update17 All All
Application Sun Jdk 1.5.0 update18 All All
Application Sun Jdk 1.5.0 update19 All All
Application Sun Jdk 1.5.0 update2 All All
Application Sun Jdk 1.5.0 update20 All All
Application Sun Jdk 1.5.0 update21 All All
Application Sun Jdk 1.5.0 update22 All All
Application Sun Jdk 1.5.0 update23 All All
Application Sun Jdk 1.5.0 update24 All All
Application Sun Jdk 1.5.0 update25 All All
Application Sun Jdk 1.5.0 update26 All All
Application Sun Jdk 1.5.0 update3 All All
Application Sun Jdk 1.5.0 update4 All All
Application Sun Jdk 1.5.0 update5 All All
Application Sun Jdk 1.5.0 update6 All All
Application Sun Jdk 1.5.0 update7 All All
Application Sun Jdk 1.5.0 update8 All All
Application Sun Jdk 1.5.0 update9 All All
Application Sun Jdk 1.6.0 All All All
Application Sun Jdk 1.6.0 update1 All All
Application Sun Jdk 1.6.0 update1_b06 All All
Application Sun Jdk 1.6.0 update2 All All
Application Sun Jdk 1.6.0 update_10 All All
Application Sun Jdk 1.6.0 update_11 All All
Application Sun Jdk 1.6.0 update_12 All All
Application Sun Jdk 1.6.0 update_13 All All
Application Sun Jdk 1.6.0 update_14 All All
Application Sun Jdk 1.6.0 update_15 All All
Application Sun Jdk 1.6.0 update_16 All All
Application Sun Jdk 1.6.0 update_17 All All
Application Sun Jdk 1.6.0 update_18 All All
Application Sun Jdk 1.6.0 update_19 All All
Application Sun Jdk 1.6.0 update_20 All All
Application Sun Jdk 1.6.0 update_21 All All
Application Sun Jdk 1.6.0 update_22 All All
Application Sun Jdk 1.6.0 update_3 All All
Application Sun Jdk 1.6.0 update_4 All All
Application Sun Jdk 1.6.0 update_5 All All
Application Sun Jdk 1.6.0 update_6 All All
Application Sun Jdk 1.6.0 update_7 All All
Application Sun Jdk All update27 All All
Application Sun Jdk All update_23 All All
Application Sun Jre 1.4.2 All All All
Application Sun Jre 1.4.2_1 All All All
Application Sun Jre 1.4.2_10 All All All
Application Sun Jre 1.4.2_11 All All All
Application Sun Jre 1.4.2_12 All All All
Application Sun Jre 1.4.2_13 All All All
Application Sun Jre 1.4.2_14 All All All
Application Sun Jre 1.4.2_15 All All All
Application Sun Jre 1.4.2_16 All All All
Application Sun Jre 1.4.2_17 All All All
Application Sun Jre 1.4.2_18 All All All
Application Sun Jre 1.4.2_19 All All All
Application Sun Jre 1.4.2_2 All All All
Application Sun Jre 1.4.2_20 All All All
Application Sun Jre 1.4.2_21 All All All
Application Sun Jre 1.4.2_22 All All All
Application Sun Jre 1.4.2_23 All All All
Application Sun Jre 1.4.2_24 All All All
Application Sun Jre 1.4.2_25 All All All
Application Sun Jre 1.4.2_26 All All All
Application Sun Jre 1.4.2_27 All All All
Application Sun Jre 1.4.2_28 All All All
Application Sun Jre 1.4.2_3 All All All
Application Sun Jre 1.4.2_4 All All All
Application Sun Jre 1.4.2_5 All All All
Application Sun Jre 1.4.2_6 All All All
Application Sun Jre 1.4.2_7 All All All
Application Sun Jre 1.4.2_8 All All All
Application Sun Jre 1.4.2_9 All All All
Application Sun Jre 1.5.0 All All All
Application Sun Jre 1.5.0 update1 All All
Application Sun Jre 1.5.0 update10 All All
Application Sun Jre 1.5.0 update11 All All
Application Sun Jre 1.5.0 update12 All All
Application Sun Jre 1.5.0 update13 All All
Application Sun Jre 1.5.0 update14 All All
Application Sun Jre 1.5.0 update15 All All
Application Sun Jre 1.5.0 update16 All All
Application Sun Jre 1.5.0 update17 All All
Application Sun Jre 1.5.0 update18 All All
Application Sun Jre 1.5.0 update19 All All
Application Sun Jre 1.5.0 update2 All All
Application Sun Jre 1.5.0 update20 All All
Application Sun Jre 1.5.0 update21 All All
Application Sun Jre 1.5.0 update22 All All
Application Sun Jre 1.5.0 update23 All All
Application Sun Jre 1.5.0 update24 All All
Application Sun Jre 1.5.0 update25 All All
Application Sun Jre 1.5.0 update26 All All
Application Sun Jre 1.5.0 update3 All All
Application Sun Jre 1.5.0 update4 All All
Application Sun Jre 1.5.0 update5 All All
Application Sun Jre 1.5.0 update6 All All
Application Sun Jre 1.5.0 update7 All All
Application Sun Jre 1.5.0 update8 All All
Application Sun Jre 1.5.0 update9 All All
Application Sun Jre 1.6.0 All All All
Application Sun Jre 1.6.0 update_1 All All
Application Sun Jre 1.6.0 update_10 All All
Application Sun Jre 1.6.0 update_11 All All
Application Sun Jre 1.6.0 update_12 All All
Application Sun Jre 1.6.0 update_13 All All
Application Sun Jre 1.6.0 update_14 All All
Application Sun Jre 1.6.0 update_15 All All
Application Sun Jre 1.6.0 update_16 All All
Application Sun Jre 1.6.0 update_17 All All
Application Sun Jre 1.6.0 update_18 All All
Application Sun Jre 1.6.0 update_19 All All
Application Sun Jre 1.6.0 update_2 All All
Application Sun Jre 1.6.0 update_20 All All
Application Sun Jre 1.6.0 update_21 All All
Application Sun Jre 1.6.0 update_22 All All
Application Sun Jre 1.6.0 update_3 All All
Application Sun Jre 1.6.0 update_4 All All
Application Sun Jre 1.6.0 update_5 All All
Application Sun Jre 1.6.0 update_6 All All
Application Sun Jre 1.6.0 update_7 All All
Application Sun Jre All All All All
Application Sun Jre All update27 All All
Application Sun Jre All update_23 All All
Application Sun Sdk 1.4.2 All All All
Application Sun Sdk 1.4.2_02 All All All
Application Sun Sdk 1.4.2_1 All All All
Application Sun Sdk 1.4.2_10 All All All
Application Sun Sdk 1.4.2_11 All All All
Application Sun Sdk 1.4.2_12 All All All
Application Sun Sdk 1.4.2_13 All All All
Application Sun Sdk 1.4.2_14 All All All
Application Sun Sdk 1.4.2_15 All All All
Application Sun Sdk 1.4.2_16 All All All
Application Sun Sdk 1.4.2_17 All All All
Application Sun Sdk 1.4.2_18 All All All
Application Sun Sdk 1.4.2_19 All All All
Application Sun Sdk 1.4.2_20 All All All
Application Sun Sdk 1.4.2_21 All All All
Application Sun Sdk 1.4.2_22 All All All
Application Sun Sdk 1.4.2_23 All All All
Application Sun Sdk 1.4.2_24 All All All
Application Sun Sdk 1.4.2_25 All All All
Application Sun Sdk 1.4.2_26 All All All
Application Sun Sdk 1.4.2_27 All All All
Application Sun Sdk 1.4.2_28 All All All
Application Sun Sdk 1.4.2_3 All All All
Application Sun Sdk 1.4.2_4 All All All
Application Sun Sdk 1.4.2_5 All All All
Application Sun Sdk 1.4.2_6 All All All
Application Sun Sdk 1.4.2_7 All All All
Application Sun Sdk 1.4.2_8 All All All
Application Sun Sdk 1.4.2_9 All All All
Application Sun Sdk All All All All

Vendor Declared Affected Products

Source Vendor Product Version Platforms
CNA Na N/a affected n/a Not specified

References

Reference Source Link Tags
Security Alerts - Secunia af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
IBM notice: The page you requested cannot be displayed af854a3a-2127-422b-91ae-364da2661108 www-01.ibm.com
IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities - Secunia.com af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
Red Hat update for java-1.6.0-ibm - Advisories - Community af854a3a-2127-422b-91ae-364da2661108 secunia.com
Debian update for openjdk-6 - Secunia.com af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Patch, Vendor Advisory
'[security bulletin] HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
HP NonStop Server NonStop Java Double Literal Parsing Denial of Service - Secunia.com af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
Oracle Security Alert for CVE-2010-4476 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Patch, Vendor Advisory
'[security bulletin] HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Java Hangs When Converting 2.2250738585072012e-308 - Exploring Binary af854a3a-2127-422b-91ae-364da2661108 www.exploringbinary.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH af854a3a-2127-422b-91ae-364da2661108 www.vupen.com Vendor Advisory
'[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Repository / Oval Repository af854a3a-2127-422b-91ae-364da2661108 oval.cisecurity.org
Novell Sentinel Log Manager Java and Tomcat Vulnerabilities - Secunia.com af854a3a-2127-422b-91ae-364da2661108 secunia.com
IBM PM31983: Fix security vulnerability: CVE-2010-4476 - United States af854a3a-2127-422b-91ae-364da2661108 www-01.ibm.com
Support af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
'[security bulletin] HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remot' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13 af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org
Support af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
access.redhat.com af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
Support | Red Hat af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
Security Alert For CVE-2010-4476 Released (The Oracle Global Product Security Blog) af854a3a-2127-422b-91ae-364da2661108 blogs.oracle.com
IBM IZ94423: Fix security vulnerability: CVE-2010-4476 - United States af854a3a-2127-422b-91ae-364da2661108 www-01.ibm.com
Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service - SecurityTracker af854a3a-2127-422b-91ae-364da2661108 www.securitytracker.com
'[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
'[security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Serv' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Support af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
www13.itrc.hp.com/service/cki/docDisplay.do af854a3a-2127-422b-91ae-364da2661108 www13.itrc.hp.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH af854a3a-2127-422b-91ae-364da2661108 www.vupen.com Vendor Advisory
Security Advisories | Mandriva Linux af854a3a-2127-422b-91ae-364da2661108 www.mandriva.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH af854a3a-2127-422b-91ae-364da2661108 www.vupen.com Vendor Advisory
'[security bulletin] HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remot' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH af854a3a-2127-422b-91ae-364da2661108 www.vupen.com Vendor Advisory
Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities af854a3a-2127-422b-91ae-364da2661108 security.gentoo.org
'[security bulletin] HPSBMU02690 SSRT100569 rev.1 - HP Business Availability Center (BAC) Running on' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
About Secunia Research | Flexera af854a3a-2127-422b-91ae-364da2661108 secunia.com
Repository / Oval Repository af854a3a-2127-422b-91ae-364da2661108 oval.cisecurity.org
[security-announce] SUSE-SU-2011:0823-1: important: Security update for af854a3a-2127-422b-91ae-364da2661108 lists.opensuse.org
IBM CICS Transaction Gateway Java Double Literal Parsing Denial of Service - Advisories - Community af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
'[security bulletin] HPSBUX02641 SSRT100412 rev.1 - HP OpenView Network Node Manager (OV NNM) for HP-' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH af854a3a-2127-422b-91ae-364da2661108 www.vupen.com Vendor Advisory
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14 af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org
Debian -- Security Information -- DSA-2161-1 openjdk-6 af854a3a-2127-422b-91ae-364da2661108 www.debian.org
'[security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Multiple Vulnerabilities in Cosminexus: Software Vulnerability Information: Software: Hitachi af854a3a-2127-422b-91ae-364da2661108 www.hitachi.co.jp
Webmail - OVH af854a3a-2127-422b-91ae-364da2661108 www.vupen.com Vendor Advisory
Repository / Oval Repository af854a3a-2127-422b-91ae-364da2661108 oval.cisecurity.org
Repository / Oval Repository af854a3a-2127-422b-91ae-364da2661108 oval.cisecurity.org
Fedora update for java-1.6.0-openjdk - Secunia.com af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
[security-announce] SUSE Security Announcement: IBM Java 1.4.2 (SUSE-SA: af854a3a-2127-422b-91ae-364da2661108 lists.opensuse.org
IBM Java Multiple Vulnerabilities - Advisories - Community af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
Off by On af854a3a-2127-422b-91ae-364da2661108 blog.fortify.com
IBM Tivoli Fed Id Mgr Business Gateway v6.2.0, Fix Pack 9, 6.2.0-TIV-TFIMBG-FP0009 af854a3a-2127-422b-91ae-364da2661108 www.ibm.com
'[security bulletin] HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JD' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Sentinel Log Manager 1.2.0.1 (1.2 Hot Fix 1) af854a3a-2127-422b-91ae-364da2661108 support.novell.com
IBM Tivoli Federated Identity Manager 6.2.0 Fixpack 9 (6.2.0-TIV-TFIM-FP0009) af854a3a-2127-422b-91ae-364da2661108 www.ibm.com
Support af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
'[security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CS' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Red Hat update for java-1.6.0-openjdk - Advisories - Community af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
'[security bulletin] HPSBUX02645 SSRT100387 rev.1 - HP-UX Apache Web Server, Remote Information Discl' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
Support af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
Support af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
Support af854a3a-2127-422b-91ae-364da2661108 www.redhat.com Vendor Advisory
'[security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux' - MARC af854a3a-2127-422b-91ae-364da2661108 marc.info
HP OpenView Network Node Manager Denial of Service Vulnerability - Advisories - Community af854a3a-2127-422b-91ae-364da2661108 secunia.com Vendor Advisory
cpuapr2011 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Patch, Vendor Advisory
Repository / Oval Repository af854a3a-2127-422b-91ae-364da2661108 oval.cisecurity.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis