CVE-2020-2803

CWE-119Buffer Overflow9 documents9 sources
Severity
8.3HIGH
EPSS
3.3%
top 12.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Netapp E-series Santricity OS ControllerNetapp StoragegridOracle Openjdk+8 more
Timeline
PublishedApr 15
Latest updateMay 24

Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, atta

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages9 packages

CVEListV5oracle_corporation/javaJava SE Embedded: 8u241, Java SE: 7u251, 8u241, 11.0.6, 14+1
NVDoracle/openjdk1111.0.6+4
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3
Debianopenjdk-11< 11.0.7+10-1

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 30, 31, 32, Ubuntu Linux 16.04, 18.04, 19.10

🔴Vulnerability Details

3
GHSA
GHSA-7q6q-6j5w-jcg9: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)2022-05-24
OSV
CVE-2020-2803: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)2020-04-15
CVEList
CVE-2020-2803: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)2020-04-15

📋Vendor Advisories

4
Ubuntu
OpenJDK vulnerabilities2020-04-22
Oracle
Oracle Oracle GraalVM Risk Matrix: Java — CVE-2020-28032020-04-15
Red Hat
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)2020-04-14
Debian
CVE-2020-2803: openjdk-11 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (compon...2020

💬Community

1
Bugzilla
CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)2020-04-14
CVE-2020-2803 (HIGH CVSS 8.3) | Vulnerability in the Java SE | cvebase.io