CVE-2017-10345

CWE-770Allocation without Limits10 documents8 sources
Severity
3.1LOW
EPSS
0.8%
top 26.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Netapp E-series Santricity OS ControllerNetapp Oncommand Unified ManagerOracle Corporation Java+15 more
Timeline
PublishedOct 19
Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks o

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.6 | Impact: 1.4

Affected Packages16 packages

CVEListV5oracle_corporation/java4 versions+3
NVDoracle/jrockitr28.3.15
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3
Ubuntuopenjdk-7< 7u151-2.6.11-2ubuntu0.14.04.1

Also affects: Debian Linux 7.0, 8.0, 9.0, Enterprise Linux 7.4, 7.5, 7.6, 7.7

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-p7q9-c7hh-v46v: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization)2022-05-13
OSV
CVE-2017-10345: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization)2017-10-19
CVEList
CVE-2017-10345: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization)2017-10-19

📋Vendor Advisories

4
Ubuntu
OpenJDK 7 vulnerabilities2017-11-29
Ubuntu
OpenJDK 8 vulnerabilities2017-11-08
Red Hat
OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)2017-10-17
Debian
CVE-2017-10345: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...2017

💬Community

2
Bugzilla
CVE-2017-10345 OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)2017-10-16
Bugzilla
CVE-2016-10345 passenger: File overwrite vulnerability in passenger-install-nginx-module2017-04-25
CVE-2017-10345 (LOW CVSS 3.1) | Vulnerability in the Java SE | cvebase.io