CVE-2018-1517: Input Validation
First published: Thu Aug 16 2018(Updated: )
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Software Development Kit | =6-service_refresh_16 | |
| IBM Software Development Kit | =6.0 | |
| IBM Software Development Kit | =6r1-service_refresh_8 | |
| IBM Software Development Kit | =7-service_refresh_10 | |
| IBM Software Development Kit | =7.0 | |
| IBM Software Development Kit | =7r1-service_refresh_4 | |
| IBM Software Development Kit | =8-service_refresh_5 | |
| IBM Software Development Kit | =8.0 | |
| Red Hat Satellite | =5.6 | |
| Red Hat Satellite | =5.7 | |
| Red Hat Satellite | =5.8 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ibm.com/support/docview.wss?uid=ibm10719653
- http://www.securityfocus.com/bid/105117
- https://access.redhat.com/errata/RHSA-2018:2568
- https://access.redhat.com/errata/RHSA-2018:2569
- https://access.redhat.com/errata/RHSA-2018:2575
- https://access.redhat.com/errata/RHSA-2018:2576
- https://access.redhat.com/errata/RHSA-2018:2712
- https://access.redhat.com/errata/RHSA-2018:2713
- https://exchange.xforce.ibmcloud.com/vulnerabilities/141681
- https://www-01.ibm.com/support/docview.wss?uid=ibm10719653
- https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018
- https://bugzilla.redhat.com/show_bug.cgi?id=1618871
Frequently Asked Questions
What is the severity of CVE-2018-1517?
CVE-2018-1517 has been rated as high severity due to its potential to allow denial-of-service attacks.
How do I fix CVE-2018-1517?
To fix CVE-2018-1517, update to the latest version of the IBM SDK, Java Technology Edition that addresses this vulnerability.
What versions of IBM SDK are affected by CVE-2018-1517?
CVE-2018-1517 affects IBM SDK versions 6.0, 7.0, and 8.0, including their respective service refreshes.
What type of vulnerability is CVE-2018-1517?
CVE-2018-1517 is a denial-of-service vulnerability found in the java.math component of IBM SDK.
Who can be affected by CVE-2018-1517?
Users and applications relying on targeted versions of IBM SDK could be affected by CVE-2018-1517 if exploited.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-1517
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/severity
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm software development kit
- version/ibm software development kit/6-service_refresh_16
- version/ibm software development kit/6.0
- version/ibm software development kit/6r1-service_refresh_8
- version/ibm software development kit/7-service_refresh_10
- version/ibm software development kit/7.0
- version/ibm software development kit/7r1-service_refresh_4
- version/ibm software development kit/8-service_refresh_5
- version/ibm software development kit/8.0
- vendor/redhat
- canonical/red hat satellite
- version/red hat satellite/5.6
- version/red hat satellite/5.7
- version/red hat satellite/5.8
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0