CVE-2018-2677

CWE-770Allocation without Limits9 documents8 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 78.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
Schneider-electric Struxureware Data Center ExpertOracle Corporation JavaCanonical Ubuntu Linux+13 more
Timeline
PublishedJan 18
Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthoriz

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages13 packages

CVEListV5oracle_corporation/java4 versions+3
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3
Ubuntuopenjdk-7< 7u171-2.6.13-0ubuntu0.14.04.2

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-88q3-m66q-pg82: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT)2022-05-13
CVEList
CVE-2018-2677: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT)2018-01-18
OSV
CVE-2018-2677: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT)2018-01-17

📋Vendor Advisories

4
Ubuntu
OpenJDK 8 vulnerabilities2018-04-02
Ubuntu
OpenJDK 7 vulnerabilities2018-04-02
Red Hat
OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289)2018-01-16
Debian
CVE-2018-2677: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...2018

💬Community

1
Bugzilla
CVE-2018-2677 OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289)2018-01-14
CVE-2018-2677 (MEDIUM CVSS 4.3) | Vulnerability in the Java SE | cvebase.io