5.9
CVE-2018-10237
- EPSS 3.26%
- Veröffentlicht 26.04.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:04
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Container Platform Version3.11
Redhat ≫ Satellite Capsule Version6.4
Redhat ≫ Virtualization Version4.2
Redhat ≫ Virtualization Host Version4.0
Redhat ≫ Jboss Enterprise Application Platform Version6.0.0
Redhat ≫ Jboss Enterprise Application Platform Version6.4.0
Redhat ≫ Jboss Enterprise Application Platform Version7.1.0
Redhat ≫ Openshift Container Platform Version4.1
Redhat ≫ Virtualization Version4.0
Redhat ≫ Virtualization Host Version4.0
Redhat ≫ Jboss Enterprise Application Platform Version6.0.0
Redhat ≫ Jboss Enterprise Application Platform Version6.4.0
Redhat ≫ Jboss Enterprise Application Platform Version6.0.0
Redhat ≫ Jboss Enterprise Application Platform Version6.4.0
Redhat ≫ Jboss Enterprise Application Platform Version7.1.0
Oracle ≫ Banking Payments Version >= 14.1.0 <= 14.4.0
Oracle ≫ Communications Ip Service Activator Version7.3.0
Oracle ≫ Communications Ip Service Activator Version7.4.0
Oracle ≫ Customer Management And Segmentation Foundation Version18.0
Oracle ≫ Database Server Version12.2.0.1
Oracle ≫ Database Server Version18c
Oracle ≫ Database Server Version19c
Oracle ≫ Flexcube Investor Servicing Version12.1.0
Oracle ≫ Flexcube Investor Servicing Version12.3.0
Oracle ≫ Flexcube Investor Servicing Version12.4.0
Oracle ≫ Flexcube Investor Servicing Version14.0.0
Oracle ≫ Flexcube Investor Servicing Version14.1.0
Oracle ≫ Flexcube Private Banking Version12.0.0
Oracle ≫ Flexcube Private Banking Version12.1.0
Oracle ≫ Retail Integration Bus Version15.0
Oracle ≫ Retail Integration Bus Version16.0
Oracle ≫ Retail Xstore Point Of Service Version7.1
Oracle ≫ Retail Xstore Point Of Service Version15.0
Oracle ≫ Retail Xstore Point Of Service Version16.0
Oracle ≫ Retail Xstore Point Of Service Version17.0
Oracle ≫ Weblogic Server Version12.2.1.3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.26% | 0.859 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.