Comment: Added CVE-2010-4476 ref

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|------|----------|------------|------------------|----------|-------|
| NUM05-J | low | probable | high | P2 | L3 |

Related Vulnerabilities

CVE-2010-4476 [CVE 2008] reports a vulnerability in the Double.parseDouble() method in Java 1.6 update 23 and earlier, Java 1.5 update 27 and earlier, and 1.4.2_29 and earlier. The vulnerability causes a denial of service when the method is passed a certain crafted string. The value 2.2250738585072012e-308 is close to the minimum normalized positive double-precision floating-point number; when it is supplied as a string, the conversion to a normalized or denormalized double enters an infinite loop of estimations.
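
A pre-parse guard for code that must accept numeric strings on an affected runtime, as an added example that is not part of the original page or of any vendor fix. The class and method names are hypothetical, and it assumes that catching decimal spellings of the exact value quoted above is sufficient, which the page does not establish.

```java
import java.math.BigInteger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ParseDoubleGuard {
    // The value named in the text, 2.2250738585072012e-308, held as
    // significant digits plus exponent: 0.22250738585072012 x 10^-307.
    private static final String DIGITS = "22250738585072012";
    private static final BigInteger EXP = BigInteger.valueOf(-307);

    // Decimal literals only. Possessive quantifiers keep matching linear on
    // long inputs. Hex literals, NaN and Infinity never match (assumed safe).
    private static final Pattern DECIMAL = Pattern.compile(
        "[+-]?(\\d*+)\\.?(\\d*+)(?:[eE]([+-]?\\d++))?[dDfF]?");

    /** True if s is a decimal spelling of the value named in the text. */
    public static boolean isKnownTrigger(String s) {
        Matcher m = DECIMAL.matcher(s.trim());
        if (!m.matches()) return false;
        String intPart = m.group(1);
        String all = intPart + m.group(2);
        int lead = 0;                       // leading zeros of the mantissa
        while (lead < all.length() && all.charAt(lead) == '0') lead++;
        if (lead == all.length()) return false;   // empty or zero mantissa
        int end = all.length();             // drop trailing zeros
        while (all.charAt(end - 1) == '0') end--;
        if (!all.substring(lead, end).equals(DIGITS)) return false;
        // value = 0.<digits> x 10^(written exponent + intPart length - lead)
        String exp = m.group(3) == null ? "0" : m.group(3);
        if (exp.startsWith("+")) exp = exp.substring(1);  // '+' not accepted by older BigInteger
        BigInteger shift = BigInteger.valueOf(intPart.length() - lead);
        return new BigInteger(exp).add(shift).equals(EXP);
    }

    /** Double.parseDouble with the known trigger refused first. */
    public static double parse(String s) {
        if (isKnownTrigger(s)) throw new NumberFormatException("refused by pre-parse guard");
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed samples: three spellings of the value, two ordinary inputs.
        String[] samples = { "2.2250738585072012e-308", "22.250738585072012E-309",
            "0.022250738585072012e-306", "2.2250738585072014e-308", "1.5" };
        for (String s : samples) {
            System.out.println(s + " -> " + (isKnownTrigger(s) ? "refuse" : "parse"));
        }
    }
}
```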

Related Guidelines

Bibliography

[CVE 2008] CVE-2010-4476. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

[IEEE 754]

[Bryant 2003] Computer Systems: A Programmer's Perspective. Section 2.4 Floating Point

...