back to article Oracle patches decade-old 'Mark-of-the-Beast' bug in Java

Oracle has squashed a decade-old bug in its Java programming framework that allows attackers to bring down sensitive servers by feeding them numerical values with large numbers of decimal places. The vulnerability in the latest version of Java was disclosed last month and reported by The Reg on Monday. The bug, which stems from …


This topic is closed for new posts.
  1. millenium2011

    not the only one perhaps?

    Has anyone thought to check C#?

    After all these str to decimal type conversions near limits, are not just potentially an issue for one runtime.

    As reg reported previously bug affected two languages, but both of those now fixed.

    1. Sentient


      no problem on .NET

      at least not for this value. ;)

  2. Neil 7
    Black Helicopters


    I wonder if the exact same identical bug exists in Android, I mean that would be pure coincidence of course...

    1. Giles Jones Gold badge


      Why would it fail in Android?

      The failure is in Java runtime classes which Android doesn't use, if it did use them then it would offer some sort of JDK compatibility.

  3. Neil 7


    > Why would it fail in Android?

    Red Arrows moment?

    > which Android doesn't use

    I guess we'll wait for the courts to decide.

This topic is closed for new posts.