Lucene search

Veracode Vulnerability DatabaseVERACODE:20123

HistoryMay 16, 2019 - 3:57 a.m.

Denial Of Service (DoS)

2019-05-1603:57:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Eclipse OpenJ9 is vulnerable to denial of service (DoS) attacks. Multiple buffer-overflow vulnerabilities exists in the function jio_snprintf/jio_vsnprintf of the component API Handler because it fails to perform adequate boundary checks on user-supplied data. Attackers could execute arbitrary code the affected application and failed attempts will likely cause an application crash.

CPENameOperatorVersion
java-1.8.0-ibmeq1.8.0.4.1__1jpp.1.el6_8
java-1.7.1-ibmeq1.7.1.3.40__1jpp.1.el6_7
java-1.7.1-ibmeq1.7.1.4.1__1jpp.1.el6_8

Name	Operator	Version
java-1.8.0-ibm	eq	1.8.0.4.1__1jpp.1.el6_8
java-1.7.1-ibm	eq	1.7.1.3.40__1jpp.1.el6_7
java-1.7.1-ibm	eq	1.7.1.4.1__1jpp.1.el6_8

References

access.redhat.com/errata/RHSA-2019:0469

access.redhat.com/security/updates/classification/#critical

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:20123