CVE-2018-2952

CWE-770 — Allocation without Limits12 documents8 sources

Severity

3.7LOW

EPSS

0.1%

top 69.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp E-series Santricity OS Controller Oracle Corporation Java Canonical Ubuntu Linux +14 more

Timeline

PublishedJul 18

Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages15 packages

▶CVEListV5oracle_corporation/java4 versions+3

▶NVDoracle/jrockitr28.3.18

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre4 versions+3

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.5, 7.6, 7.7

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-pvp8-49wp-gw4c: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency)↗2022-05-13

▶

OSV

openjdk-lts regression↗2018-09-12

▶

OSV

openjdk-lts vulnerabilities↗2018-08-21

▶

CVEList

CVE-2018-2952: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency)↗2018-07-18

▶

OSV

CVE-2018-2952: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency)↗2018-07-18

▶

📋Vendor Advisories

Ubuntu

OpenJDK 10 vulnerabilities↗2018-08-21

▶

Ubuntu

OpenJDK 8 vulnerability↗2018-08-10

▶

Ubuntu

OpenJDK 7 vulnerability↗2018-08-10

▶

Red Hat

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)↗2018-07-17

▶

Debian

CVE-2018-2952: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...↗2018

▶

💬Community

Bugzilla

CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)↗2018-07-13

▶