Buffer Overflow

Affecting openjdk-jre package, versions [1.7.0, 1.7.0_261) || [1.8.0, 1.8.0_251) || [11.0.0, 11.0.7) || [14.0.0, 14.0.1)

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to Buffer Overflow. A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK: the checks are bypassed in certain cases. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions.

Remediation

Upgrade openjdk-jre to version 7.0.261, 8.0.251, 11.0.7, 14.0.1 or higher.

CVSS Score

7.5 (high severity)
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Credit: Nils Emmerich of ERNW
CVE: CVE-2020-2803
CWE: CWE-119
Snyk ID: SNYK-UPSTREAM-OPENJDKJRE-565491
Disclosed: 15 Apr, 2020
Published: 15 Apr, 2020