CVE-2011-0311

CWE-119 Buffer Overflow | 10 documents | 5 sources
Severity: 3.5 LOW
EPSS: 0.8% (top 26.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 2 | Latest update May 17

Description

The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P | Exploitability: 6.8 | Impact: 2.9

Affected Packages (2 packages)

NVD: ibm/java 1.4.2.13.8+9
NVD: ibm/runtimes 5.0.12.4+19

🔴 Vulnerability Details (2)

GHSA | GHSA-4f6f-x539-9v2g: The class file parser in IBM Java before 1 | 2022-05-17
CVEList | CVE-2011-0311: The class file parser in IBM Java before 1 | 2011-09-02

📋 Vendor Advisories (2)

Red Hat | java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9 | 2011-06-29
Red Hat | IBM JDK Class file parsing denial-of-service | 2011-01-20

💬 Community (5)

Bugzilla | CVE-2011-3387 java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9 | 2011-09-09
Bugzilla | CVE-2011-0311 IBM JDK Class file parsing denial-of-service | 2011-05-05
Bugzilla | CVE-2011-0062 Mozilla miscellaneous memory safety hazards (MFSA 2011-01) | 2011-02-04
Bugzilla | CVE-2011-0061 Mozilla crash caused by corrupted JPEG image (MFSA 2011-09) | 2011-02-04
Bugzilla | CVE-2010-1585 Mozilla ParanoidFragmentSink allows javascript: URLs in chrome documents (MFSA 2011-08) | 2011-02-04