IBM Support

PM31983: Fix security vulnerability: CVE-2010-4476

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: Hang in Double.parseDouble().
    .
    Stack Trace: N/A
    .
    

Local fix

Problem summary

  • When parsing the double literal the JVM goes into an infinite
    loop.
    

Problem conclusion

  • This defect will be fixed in:
    1.4.2 SR13 FP9
    .
    JVM has been modified to take care of this security
    vulnerability.
    .
    To obtain the fix:
    Install build 20110210 or later
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM31983

  • Reported component name

    JAVA(1.3/1.4 CO

  • Reported component ID

    5648C9800

  • Reported release

    42A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2011-02-08

  • Closed date

    2011-02-14

  • Last modified date

    2011-02-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA(1.3/1.4 CO

  • Fixed component ID

    5648C9800

Applicable component levels

  • R42A PSN

       UP

  • R42L PSN

       UP

  • R42W PSN

       UP

  • R420 PSN

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.4.2","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
27 October 2021