Sandbox Bypass

Affecting openjdk-jre package, versions [1.7.0,1.7.0_261) || [1.8.0,1.8.0_251) || [11.0.0,11.0.7) || [14.0.0, 14.0.1)


Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to Sandbox Bypass. It was discovered that the boundary checks in the java.nio.Buffer class in the Libraries component of OpenJDK could have been bypassed when a class instance was accessed concurrently. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

Remediation

Upgrade openjdk-jre to version 7.0.261, 8.0.251, 11.0.7, 14.0.1 or higher.
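
A version check against the affected ranges listed at the top of this advisory, as an added example (not Snyk's or OpenJDK's code). The function names and the sample `java -version` strings are constructed for illustration, and the check compares version numbers only.

```python
import re

# Affected ranges from this advisory, as half-open intervals [low, high).
# Legacy "1.8.0_251" strings are normalized to 4-tuples such as (1, 8, 0, 251).
AFFECTED = [
    ((1, 7, 0, 0), (1, 7, 0, 261)),
    ((1, 8, 0, 0), (1, 8, 0, 251)),
    ((11, 0, 0, 0), (11, 0, 7, 0)),
    ((14, 0, 0, 0), (14, 0, 1, 0)),
]

_QUOTED = re.compile(r'version "([^"]+)"')


def parse_java_version(text):
    """Parse `java -version` output, or a bare version string, to a 4-tuple."""
    match = _QUOTED.search(text)
    raw = match.group(1) if match else text.strip()
    # Drop build or pre-release suffixes such as "-b08", "-ea", "+10".
    raw = re.split(r"[-+]", raw, maxsplit=1)[0]
    parts = re.split(r"[._]", raw)
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized Java version: {text!r}")
    nums = [int(p) for p in parts][:4]
    # Pad short versions: "14" becomes (14, 0, 0, 0).
    return tuple(nums + [0] * (4 - len(nums)))


def is_affected(text):
    """True if the version falls inside any range listed in the advisory."""
    version = parse_java_version(text)
    return any(low <= version < high for low, high in AFFECTED)


# Constructed sample inputs in the shape `java -version` prints.
SAMPLES = [
    'openjdk version "1.8.0_242"\nOpenJDK Runtime Environment (build 1.8.0_242-b08)',
    'openjdk version "1.8.0_251"',
    'openjdk version "11.0.6" 2020-01-14',
    'openjdk version "14.0.1" 2020-04-14',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        first_line = sample.splitlines()[0]
        print(f"{first_line}: {'AFFECTED' if is_affected(sample) else 'ok'}")
```
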

CVSS Score

8.3 (high severity)
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Credit: Markus Loewe
CVE: CVE-2020-14583
CWE: CWE-265
Snyk ID: SNYK-UPSTREAM-OPENJDKJRE-584582
Disclosed: 14 Jul, 2020
Published: 15 Jul, 2020