Vigil@nce: Java JRE, denial of service via a real
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use a special double floating point number, in
order to create an infinite loop in Java programs.
– Severity: 2/4
– Creation date: 02/02/2011
IMPACTED PRODUCTS
– Java JRE/JDK
– Java JRE/JDK/J2SE
– Java JRE/SDK
– Java JRE/SDK/J2SE
DESCRIPTION OF THE VULNERABILITY
The number 2.2250738585072011e-308 is the "largest subnormal
double number" (in base 2: 0x0fffffffffffff x 2^-1022).
On an x86 processor, the Java JRE uses x87 FPU registers (80 bit)
to find, bit by bit, the closest real value. This loop stops
when the remainder is smaller than the precision. However,
with the number 2.225..., this stop condition is never true (80
bit rounded to 64 bit), and an infinite loop occurs.
An attacker can therefore use a special double floating point
number, in order to create an infinite loop in Java programs.
The origin of this vulnerability is the same as
VIGILANCE-VUL-10257.
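A defensive pre-parse filter for the value described above, as an added example (not part of the Vigil@nce bulletin or of the JRE): it rejects any decimal literal whose significand begins with the same 16 digits as the number in the bulletin, wherever the decimal point or exponent sits. The class and method names are hypothetical, and matching on the digit prefix is an assumption that deliberately over-blocks.

```java
import java.util.Locale;

public class DoubleInputGuard {
    // First 16 significant digits of the value quoted in the bulletin
    // (2.2250738585072011e-308), decimal point removed. Assumption: any
    // literal sharing this prefix is treated as risky, whatever its exponent.
    private static final String RISKY_DIGITS = "2225073858507201";

    /** Returns true if the literal's significand starts with the risky digit run. */
    static boolean isRisky(String literal) {
        String s = literal.trim().toLowerCase(Locale.ROOT);
        // Drop the exponent: only the significand digits are compared.
        int e = s.indexOf('e');
        if (e >= 0) s = s.substring(0, e);
        StringBuilder digits = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c < '0' || c > '9') continue;          // skip sign, '.', suffixes
            // Skip leading zeros so 0.00022250738... normalizes the same way.
            if (digits.length() == 0 && c == '0') continue;
            digits.append(c);
        }
        return digits.toString().startsWith(RISKY_DIGITS);
    }

    /** Parses untrusted input, refusing the risky pattern before the JRE parser sees it. */
    static double parseUntrusted(String literal) {
        if (isRisky(literal)) {
            throw new NumberFormatException("rejected suspicious double literal");
        }
        return Double.parseDouble(literal);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two ordinary values and three spellings
        // of the bulletin's number with the decimal point shifted.
        String[] samples = {
            "1.5", "3.14e10", "2.2250738585072011e-308",
            "0.00022250738585072011e-304", "22250738585072011e-324"
        };
        for (String in : samples) {
            try {
                System.out.println(in + " -> " + parseUntrusted(in));
            } catch (NumberFormatException ex) {
                System.out.println(in + " -> " + ex.getMessage());
            }
        }
    }
}
```

The check runs before `Double.parseDouble`, so the affected parsing loop is never entered for rejected input; it is a stopgap for untrusted strings (request parameters, headers, file fields), not a replacement for a fixed JRE.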
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Java-JRE-denial-of-service-via-a-real-10321