CVE-2019-2842

CWE-119Buffer Overflow8 documents8 sources
Severity
3.7LOW
EPSS
0.5%
top 32.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
HP XP7 Command ViewOracle Corporation JavaCanonical Ubuntu Linux+4 more
Timeline
PublishedJul 23
Latest updateMay 24

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages7 packages

CVEListV5oracle_corporation/javaJava SE: 8u212
NVDoracle/jdk1.8.0
NVDoracle/jre1.8.0
NVDhp/xp7_command_view< 8.7.0-00
Ubuntuopenjdk-8< 8u222-b10-1ubuntu1~16.04.1+1

Also affects: Ubuntu Linux 16.04

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-hp4x-r8hj-mqj6: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE)2022-05-24
OSV
CVE-2019-2842: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE)2019-07-23
CVEList
CVE-2019-2842: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE)2019-07-23

📋Vendor Advisories

3
Ubuntu
OpenJDK 8 vulnerabilities2019-07-31
Red Hat
OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)2019-07-16
Debian
CVE-2019-2842: openjdk-8 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). Th...2019

💬Community

1
Bugzilla
CVE-2019-2842 OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)2019-07-15
CVE-2019-2842 (LOW CVSS 3.7) | Vulnerability in the Java SE compon | cvebase.io