CVE-2011-3387

CWE-20 — Improper Input Validation5 documents5 sources

Severity

4.0MEDIUM

EPSS

0.7%

top 27.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Java

Timeline

PublishedSep 2

Latest updateMay 17

Description

The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/java1.4.2.13.9

🔴Vulnerability Details

GHSA

GHSA-c76f-h47x-j5r2: The class file parser in IBM Java 1↗2022-05-17

▶

CVEList

CVE-2011-3387: The class file parser in IBM Java 1↗2011-09-02

▶

📋Vendor Advisories

Red Hat

java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9↗2011-06-29

▶

💬Community

Bugzilla

CVE-2011-3387 java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9↗2011-09-09

▶