RedOS advisory ROS-20240424-01

Published: Apr 24, 2024, 00:00
Source: redos.red-soft.ru
imageio
insufficient input validation
denial of service
libraries
unrestricted resource allocation
partial denial of service
serialization
in-memory recovery
jaxp
execution loop
hotspot
integer overflow
writing outside buffer boundaries
cross-boundary critical data deletion errors
oracle
graalvm
java se
virtual machine
unauthorized access
critical data deletion
information disclosure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

66.0%

A vulnerability in the ImageIO component of the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a partial denial of service.

A vulnerability in the Serialization component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is associated with in-memory recovery of invalid data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to information disclosure. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information.

A vulnerability in the Hotspot component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data.

A vulnerability in the Hotspot component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to writing outside of buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data.

A vulnerability in the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to cause a partial denial of service.

A vulnerability in the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is associated with cross-boundary critical data deletion errors. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information.

A vulnerability in the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is associated with unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

Affected packages:

OS      Version  Architecture  Package              Version             Filename
redos   7.3      x86_64        java-1.8.0-openjdk   <= 1.8.0.402.b06-1  UNKNOWN
