First published: Mon Jan 13 2020(Updated: )
A flaw was found in the what the BeanContextSupport class in the Serialization component of OpenJDK handled exceptions during deserialization. A specially-crafted input could cause a Java application to use an excessive amount of resources when deserialized.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.242.b07-1.el6_10 | 1.8.0-openjdk-1:1.8.0.242.b07-1.el6_10 |
redhat/java | <1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el6_10 | 1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el6_10 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el6_10 | 1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el6_10 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el6_10 | 1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el6_10 |
redhat/java | <11-openjdk-1:11.0.6.10-1.el7_7 | 11-openjdk-1:11.0.6.10-1.el7_7 |
redhat/java | <1.8.0-openjdk-1:1.8.0.242.b08-0.el7_7 | 1.8.0-openjdk-1:1.8.0.242.b08-0.el7_7 |
redhat/java | <1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el7_7 | 1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el7_7 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el7 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el7 |
redhat/java | <11-openjdk-1:11.0.6.10-0.el8_1 | 11-openjdk-1:11.0.6.10-0.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.242.b08-0.el8_1 | 1.8.0-openjdk-1:1.8.0.242.b08-0.el8_1 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.5-1.el8_1 | 1.8.0-ibm-1:1.8.0.6.5-1.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.242.b08-0.el8_0 | 1.8.0-openjdk-1:1.8.0.242.b08-0.el8_0 |
redhat/java | <11-openjdk-1:11.0.6.10-0.el8_0 | 11-openjdk-1:11.0.6.10-0.el8_0 |
Oracle JDK | =1.7.0-update241 | |
Oracle JDK | =1.8.0-update231 | |
Oracle JDK | =11.0.5 | |
Oracle JDK | =13.0.1 | |
Oracle JRE | =1.7.0-update_241 | |
Oracle JRE | =1.8.0-update_231 | |
Oracle JRE | =11.0.5 | |
Oracle JRE | =13.0.1 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =7.7 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.7 | |
Redhat Enterprise Linux Server Tus | =7.7 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Oracle OpenJDK | =7 | |
Oracle OpenJDK | =7-update241 | |
Oracle OpenJDK | =7-update80 | |
Oracle OpenJDK | =7-update85 | |
Oracle OpenJDK | =8 | |
Oracle OpenJDK | =8-update102 | |
Oracle OpenJDK | =8-update112 | |
Oracle OpenJDK | =8-update152 | |
Oracle OpenJDK | =8-update162 | |
Oracle OpenJDK | =8-update172 | |
Oracle OpenJDK | =8-update192 | |
Oracle OpenJDK | =8-update20 | |
Oracle OpenJDK | =8-update202 | |
Oracle OpenJDK | =8-update212 | |
Oracle OpenJDK | =8-update222 | |
Oracle OpenJDK | =8-update232 | |
Oracle OpenJDK | =8-update40 | |
Oracle OpenJDK | =8-update60 | |
Oracle OpenJDK | =8-update66 | |
Oracle OpenJDK | =8-update72 | |
Oracle OpenJDK | =8-update92 | |
Oracle OpenJDK | =11 | |
Oracle OpenJDK | =11.0.1 | |
Oracle OpenJDK | =11.0.2 | |
Oracle OpenJDK | =11.0.3 | |
Oracle OpenJDK | =11.0.4 | |
Oracle OpenJDK | =11.0.5 | |
Oracle OpenJDK | =13 | |
Oracle OpenJDK | =13.0.1 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
openSUSE Leap | =15.1 | |
McAfee ePolicy Orchestrator | =5.9.0 | |
McAfee ePolicy Orchestrator | =5.9.1 | |
McAfee ePolicy Orchestrator | =5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
Netapp Active Iq Unified Manager Windows | >=7.3 | |
Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
Netapp E-series Performance Analyzer | ||
Netapp E-series Santricity Management Vmware Vcenter | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.3 | |
Netapp E-series Santricity Storage Manager | ||
Netapp E-series Santricity Web Services Web Services Proxy | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
Netapp Santricity Unified Manager | ||
Netapp Steelstore Cloud Integrated Storage | ||
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.25~5ea-1 | |
debian/openjdk-8 | 8u422-b05-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2020-2583 is a vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
The affected versions are Java SE: 7u241, 8u231, 11.0.5, and 13.0.1.
It is a difficult vulnerability to exploit, but an unauthenticated attacker with network access can potentially exploit it.
The severity of CVE-2020-2583 is rated as low with a severity value of 3.7.
To fix CVE-2020-2583, update to the recommended versions of Java SE: 1.8.0-openjdk-1:1.8.0.242.b07-1.el6_10, 1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el6_10, 1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el6_10, 1.8.0-ibm-1:1.8.0.6.5-1jpp.1.el6_10, 11-openjdk-1:11.0.6.10-1.el7_7, 1.8.0-openjdk-1:1.8.0.242.b08-0.el7_7, 1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el7_7, 1.7.1-ibm-1:1.7.1.4.60-1jpp.1.el7, 1.8.0-ibm-1:1.8.0.6.5-1.el8_1, 1.8.0-openjdk-1:1.8.0.242.b08-0.el8_1, 1.8.0-ibm-1:1.8.0.6.5-1.el8_1, 1.8.0-openjdk-1:1.8.0.242.b08-0.el8_0, 11-openjdk-1:11.0.6.10-0.el8_0.