OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)

🗓️ 18 Jan 2018 21:55:29Reported by RedHatType

Unbounded memory allocation in BasicAttributes deserialization enables unauthenticated remote access and partial denial of service.

Reporter	Title	Published	Views	Family All 227
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management	17 Jun 201815:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics	9 Jul 201811:21	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime affect IBM® Intelligent Operations Center products	21 Dec 201811:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced	15 May 202017:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM Tivoli Monitoring	17 Jun 201815:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ	15 Jun 201807:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF	15 Jun 201807:09	–	ibm
IBM Security Bulletins	Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime	15 Jan 201918:15	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	i686	java-1.8.0-oracle	1:1.8.0.161-1jpp.1.el6_9	java-1.8.0-oracle-1:1.8.0.161-1jpp.1.el6_9.i686.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle	1:1.8.0.161-1jpp.1.el6_9	java-1.8.0-oracle-1:1.8.0.161-1jpp.1.el6_9.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.8.0-oracle	1:1.8.0.161-1jpp.2.el7	java-1.8.0-oracle-1:1.8.0.161-1jpp.2.el7.x86_64.rpm
Red Hat Enterprise Linux	6	i686	java-1.8.0-oracle-devel	1:1.8.0.161-1jpp.1.el6_9	java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.1.el6_9.i686.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-devel	1:1.8.0.161-1jpp.1.el6_9	java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.1.el6_9.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.8.0-oracle-devel	1:1.8.0.161-1jpp.2.el7	java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.2.el7.x86_64.rpm
Red Hat Enterprise Linux	6	i686	java-1.8.0-oracle-javafx	1:1.8.0.161-1jpp.1.el6_9	java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.1.el6_9.i686.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-javafx	1:1.8.0.161-1jpp.1.el6_9	java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.1.el6_9.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.8.0-oracle-javafx	1:1.8.0.161-1jpp.2.el7	java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.2.el7.x86_64.rpm
Red Hat Enterprise Linux	6	i686	java-1.8.0-oracle-jdbc	1:1.8.0.161-1jpp.1.el6_9	java-1.8.0-oracle-jdbc-1:1.8.0.161-1jpp.1.el6_9.i686.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2018-2678
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-2678
cve	www.cve.org/CVERecord

13 Jan 2026 21:37Current

7.3High risk

Vulners AI Score7.3

CVSS 3.14.3

CVSS 24.3

EPSS0.0009

SSVC