#2540 parseDouble("2.2250738585072012e-308") DoS vulnerability

Security
closed-fixed
5
2012-12-14
2012-09-29
No

Background -
In early 2011 a critical Java Class Library security vulnerability was blogged on the Internet and is now in the public domain. (An IBM customer has already checked this issue with IBM Java and raised a PMR.)

Issue -
Calling Double.parseDouble("2.2250738585072012e-308") leads to an infinite loop.

Impact -
This can be used as a denial of service attack against app servers. If an app server receives an HTTP request and parses a value from it with parseDouble(), the thread doing the parsing will go into an infinite loop.

Who's Affected -
This vulnerability affects all versions and releases of Java (1.4.2, 5.0 and 6.0) on all platforms. Web servers and Web services are particularly at risk.
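As an added illustration, not the SBLIM patch this ticket tracks (whose contents are not shown here), a guard for JVMs that have not been updated: it normalises the significant digits of a decimal literal and refuses the digit sequence named in the report before handing the string to Double.parseDouble. The class name SafeDouble and the prefix-match approach are this example's own choices; it rejects any input whose leading significant digits are 22250738585072012 whatever the exponent, which is deliberately conservative.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Guard in front of Double.parseDouble for JVMs older than Java 6 update 24 (example, not the project's code). */
public final class SafeDouble {
    // Significant digits of 2.2250738585072012e-308, the input this report names.
    private static final String BAD_DIGITS = "22250738585072012";

    // Plain decimal syntax accepted by parseDouble: sign, integer part, optional fraction,
    // optional exponent, optional f/F/d/D suffix. Hex floats, NaN and Infinity do not match.
    private static final Pattern DECIMAL =
        Pattern.compile("\\s*[+-]?(\\d*)(?:\\.(\\d*))?(?:[eE][+-]?\\d+)?[dDfF]?\\s*");

    /** True when the significant digits of s begin with the known hang sequence. */
    static boolean isKnownHangInput(String s) {
        Matcher m = DECIMAL.matcher(s);
        if (!m.matches()) {
            return false; // not a plain decimal literal; parseDouble handles or rejects it normally
        }
        String digits = m.group(1) + (m.group(2) == null ? "" : m.group(2));
        // Strip leading zeros so 0.00022250738585072012e-304 normalises to the same digit string.
        int i = 0;
        while (i < digits.length() && digits.charAt(i) == '0') {
            i++;
        }
        return digits.substring(i).startsWith(BAD_DIGITS);
    }

    /** Drop-in replacement: throws NumberFormatException instead of looping forever. */
    public static double parseDouble(String s) {
        if (isKnownHangInput(s)) {
            throw new NumberFormatException("rejected: input matches the parseDouble hang pattern");
        }
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed samples: one ordinary value and two spellings of the pathological one.
        String[] samples = { "1.5", "0.00022250738585072012e-304", "2.2250738585072012e-308" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + parseDouble(s));
            } catch (NumberFormatException e) {
                System.out.println(s + " -> " + e.getMessage());
            }
        }
    }
}
```

On a patched JVM the guard still rejects the same inputs, so the behaviour of the application does not change between patched and unpatched hosts.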

Discussion

  • Dave Blaschke

    Dave Blaschke - 2012-10-02

    The Java CIM Client no longer runs on Java 1.4, so the versions at issue are Java 5 and Java 6 prior to update 24.

     
  • Dave Blaschke

    Dave Blaschke - 2012-10-02
    • status: open --> open-fixed
     
  • Dave Blaschke

    Dave Blaschke - 2012-10-02

    Patch sent for community review. During a 2 week period any
    exploiter may comment on the patch, request changes or turn it
    down completely (with good reason). For the time being the patch is part of the "Experimental" branch in CVS.

     
  • Dave Blaschke

    Dave Blaschke - 2012-11-15

    Patch against HEAD

     
  • Dave Blaschke

    Dave Blaschke - 2012-11-15
    • status: open-fixed --> pending-fixed
     
  • Dave Blaschke

    Dave Blaschke - 2012-11-15

    The community review has completed and we received no substantial criticism. Therefore the patch has been approved and merged into the "HEAD" branch. The next release will pick it up.

     
  • Dave Blaschke

    Dave Blaschke - 2012-12-14
    • status: pending-fixed --> closed-fixed
     
  • Dave Blaschke

    Dave Blaschke - 2012-12-14

    The patch was picked up by release 2.2.1 and will therefore be closed.

     
