CVE-2019-2818Observable Discrepancy in Corporation Java

CWE-203Observable DiscrepancyCWE-385Covert Timing Channel8 documents8 sources
Severity
3.1LOWNVD
EPSS
1.1%
top 22.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle Corporation JavaOracle JDKOracle JRE
Timeline
PublishedJul 23
Latest updateMay 24

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages3 packages

CVEListV5oracle_corporation/javaJava SE: 11.0.3, 12.0.1
NVDoracle/jdk11.0.3, 12.0.1+1
NVDoracle/jre11.0.3, 12.0.1+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-vxcg-q298-6w55: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security)2022-05-24
OSV
CVE-2019-2818: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security)2019-07-23
CVEList
CVE-2019-2818: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security)2019-07-23

📋Vendor Advisories

3
Ubuntu
OpenJDK 11 vulnerabilities2019-07-31
Red Hat
OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344)2019-07-16
Debian
CVE-2019-2818: openjdk-11 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security...2019

💬Community

1
Bugzilla
CVE-2019-2818 OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344)2019-07-15
CVE-2019-2818 — Observable Discrepancy | cvebase