#2540 parseDouble("2.2250738585072012e-308") DoS vulnerability

Group: Security
Status: closed-fixed
Owner: Dave Blaschke
Priority: 5
Updated: 2012-12-14
Created: 2012-09-29
Creator: Dave Blaschke
Private: No

Background -
In early 2011 a critical Java Class Library security vulnerability was blogged on the Internet and is now in the public domain. (An IBM customer has already checked this issue with IBM Java and raised a PMR.)

Issue -
Calling Double.parseDouble("2.2250738585072012e-308") leads to an infinite loop.

Impact -
This can be used as a denial of service attack against app servers. If an app server receives an HTTP request and parses the value with parseDouble(), the thread doing the parsing will go into an infinite loop.

Who's Affected -
This vulnerability affects all versions and releases of Java (1.4.2, 5.0 and 6.0) on all platforms. Web servers and Web services are particularly at risk.
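A guarded parser of the kind an application can put in front of Double.parseDouble() while it still has to run on an unpatched JVM, added here as an example; it is neither the SBLIM patch attached to this ticket nor JDK code. It assumes, as the public analyses of the hang describe, that every looping input lies strictly between the largest subnormal double and the smallest normal double, so that interval is decided by exact BigDecimal comparison and only values outside it ever reach the JDK converter. The class name SafeDouble and the 256-character length cap are choices made for this example.

```java
import java.math.BigDecimal;

/**
 * Guarded replacement for Double.parseDouble() on JVMs that still carry the
 * 2.2250738585072012e-308 hang. Added example; not the SBLIM patch.
 */
public final class SafeDouble {

    // Cap chosen for this example: 17 significant digits already determine any
    // double, so very long inputs are rejected rather than parsed.
    private static final int MAX_LENGTH = 256;

    // The two adjacent doubles that bracket the trouble spot: the largest
    // subnormal and the smallest normal (Double.MIN_NORMAL, absent on Java 5).
    private static final double LARGEST_SUBNORMAL = Double.longBitsToDouble(0x000FFFFFFFFFFFFFL);
    private static final double SMALLEST_NORMAL   = Double.longBitsToDouble(0x0010000000000000L);

    // BigDecimal(double) expands the binary value exactly and never touches the
    // string-to-double converter, so these constants are built without risk.
    private static final BigDecimal LOW  = new BigDecimal(LARGEST_SUBNORMAL);
    private static final BigDecimal HIGH = new BigDecimal(SMALLEST_NORMAL);
    // Exact midpoint 2^-1022 - 2^-1075; a tie rounds to even, i.e. to SMALLEST_NORMAL.
    private static final BigDecimal HALF = LOW.add(HIGH).divide(BigDecimal.valueOf(2));

    private SafeDouble() {}

    /**
     * Parses a decimal string. Inputs whose magnitude lies strictly between the
     * largest subnormal and the smallest normal double are rounded here by exact
     * comparison instead of being handed to Double.parseDouble(); everything
     * else is delegated unchanged.
     */
    public static double parse(String s) {
        if (s == null) {
            throw new NullPointerException("input");
        }
        if (s.length() > MAX_LENGTH) {
            throw new NumberFormatException("input too long: " + s.length() + " chars");
        }
        String t = s.trim();
        BigDecimal exact;
        try {
            exact = new BigDecimal(t); // pure BigInteger arithmetic; cannot loop forever
        } catch (NumberFormatException e) {
            // Only the special tokens may bypass the decimal check; hex floats and
            // the "d"/"f" suffixes that Double.parseDouble tolerates are rejected.
            if (t.equals("NaN")) {
                return Double.NaN;
            }
            if (t.equals("Infinity") || t.equals("+Infinity")) {
                return Double.POSITIVE_INFINITY;
            }
            if (t.equals("-Infinity")) {
                return Double.NEGATIVE_INFINITY;
            }
            throw e;
        }
        BigDecimal magnitude = exact.abs();
        if (magnitude.compareTo(LOW) > 0 && magnitude.compareTo(HIGH) < 0) {
            // Strictly between two adjacent doubles: pick the nearer one ourselves.
            double rounded = magnitude.compareTo(HALF) < 0 ? LARGEST_SUBNORMAL : SMALLEST_NORMAL;
            return exact.signum() < 0 ? -rounded : rounded;
        }
        return Double.parseDouble(t);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the value from this ticket and the
        // same value written with a different exponent.
        String[] samples = {
            "2.2250738585072012e-308",
            "-0.000022250738585072012e-303",
            "2.2250738585072011e-308",
            "1.5",
            "NaN"
        };
        for (int i = 0; i < samples.length; i++) {
            double d = parse(samples[i]);
            System.out.println(samples[i] + " -> " + Double.toString(d)
                + " (bits 0x" + Long.toHexString(Double.doubleToRawLongBits(d)) + ")");
        }
    }
}
```

For the string from this ticket the method returns the smallest normal double (bits 0x0010000000000000), which is the correctly rounded result, because its decimal value is above the midpoint; the 17-digit neighbour ending in ...011e-308 falls below it and rounds to the largest subnormal. The example deliberately does not use BigDecimal.doubleValue() as a shortcut: on JDK 6 that method converts through Double.parseDouble(toString()) and would re-enter the same loop. Callers that relied on Double.parseDouble() accepting hex floats or "1.0d" style suffixes will see a NumberFormatException instead, which is usually the right outcome for values arriving in an HTTP request.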

Discussion

  • Dave Blaschke
    2012-10-02

    The Java CIM Client no longer runs on Java 1.4, so the versions at issue are Java 5 and Java 6 prior to update 24.

  • Dave Blaschke
    2012-10-02

    • status: open --> open-fixed

  • Dave Blaschke
    2012-10-02

    Patch sent for community review. During a 2 week period any exploiter may comment on the patch, request changes or turn it down completely (with good reason). For the time being the patch is part of the "Experimental" branch in CVS.

  • Dave Blaschke
    2012-11-15

    Patch against HEAD

  • Dave Blaschke
    2012-11-15

    • status: open-fixed --> pending-fixed

  • Dave Blaschke
    2012-11-15

    The community review has completed and we received no substantial criticism. Therefore the patch has been approved and merged into the "HEAD" branch. The next release will pick it up.

  • Dave Blaschke
    2012-12-14

    • status: pending-fixed --> closed-fixed

  • Dave Blaschke
    2012-12-14

    The patch was picked up by release 2.2.1 and will therefore be closed.