Page History

...

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
NUM05-J	low	probable	high	P2	L3

Related Vulnerabilities

CVE-2010-4476 (CVE 2008 ) reports a vulnerability in the Double.parseDouble() method in Java 1.6 update 23 and earlier, Java 1.5 update 27 and earlier, and 1.4.2_29 and earlier. This vulnerability causes a denial of service when this method is fed a certain crafted string. The value 2.2250738585072012e-308 is close to the minimum normalized positive double-precision floating-point number, and when encoded as a string, it triggers an infinite loop of estimations during conversion to a normalized or denormalized double.

Related Guidelines

The CERT C Secure Coding Standard

FLP05-C. Don't use denormalized numbers

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a808b94b-4743-40ab-9319-c2790fff4658"><ac:plain-text-body><![CDATA[	[[CVE 2008	AA. Bibliography#CVE 08]]	[CVE-2010-4476	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476]	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="14da49debc84a16f-e5bc333e-4dd44ed6-84b9ad1f-6d4d7638e2f03eeff985a258"><ac:plain-text-body><![CDATA[	[[IEEE 754	AA. Bibliography#IEEE 754 2006]]		]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e4aa03b24cd58ee1-48408c91-48814a3e-bbe89208-890f63f8fedd4ec863eb5d61"><ac:plain-text-body><![CDATA[	[[Bryant 2003	AA. Bibliography#Bryant 03]]	Computer Systems: A Programmer's Perspective. Section 2.4 Floating Point	]]></ac:plain-text-body></ac:structured-macro>

...

Space shortcuts

Page tree

Versions Compared

Old Version 34

New Version 35

Key

Related Vulnerabilities

Related Guidelines

Bibliography