First published: Sun Apr 12 2020(Updated: )
A flaw was found in the Nashorn JavaScript engine in the Scripting component of OpenJDK. The state machine of the regular expression Parser did not correctly handle empty string nodes in certain cases, which could cause an unexpected exception to be raised when processing a specially crafted regular expression.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10 | 1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el6_10 | 1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el6_10 |
redhat/java | <11-openjdk-1:11.0.7.10-4.el7_8 | 11-openjdk-1:11.0.7.10-4.el7_8 |
redhat/java | <1.8.0-openjdk-1:1.8.0.252.b09-2.el7_8 | 1.8.0-openjdk-1:1.8.0.252.b09-2.el7_8 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el7 |
redhat/java | <11-openjdk-1:11.0.7.10-1.el8_1 | 11-openjdk-1:11.0.7.10-1.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.252.b09-2.el8_1 | 1.8.0-openjdk-1:1.8.0.252.b09-2.el8_1 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.10-1.el8_2 | 1.8.0-ibm-1:1.8.0.6.10-1.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.252.b09-2.el8_0 | 1.8.0-openjdk-1:1.8.0.252.b09-2.el8_0 |
redhat/java | <11-openjdk-1:11.0.7.10-1.el8_0 | 11-openjdk-1:11.0.7.10-1.el8_0 |
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.25~5ea-1 | |
debian/openjdk-8 | 8u422-b05-1 | |
Oracle JDK 6 | =1.8.0-update241 | |
Oracle JDK 6 | =11.0.6 | |
Oracle JDK 6 | =14.0.0 | |
Oracle Java Runtime Environment (JRE) | =1.8.0-update241 | |
Oracle Java Runtime Environment (JRE) | =11.0.6 | |
Oracle Java Runtime Environment (JRE) | =14.0.0 | |
OpenJDK 17 | >=11<=11.0.6 | |
OpenJDK 17 | >=13<=13.0.2 | |
OpenJDK 17 | =7 | |
OpenJDK 17 | =7-update1 | |
OpenJDK 17 | =7-update10 | |
OpenJDK 17 | =7-update101 | |
OpenJDK 17 | =7-update11 | |
OpenJDK 17 | =7-update111 | |
OpenJDK 17 | =7-update121 | |
OpenJDK 17 | =7-update13 | |
OpenJDK 17 | =7-update131 | |
OpenJDK 17 | =7-update141 | |
OpenJDK 17 | =7-update15 | |
OpenJDK 17 | =7-update151 | |
OpenJDK 17 | =7-update161 | |
OpenJDK 17 | =7-update17 | |
OpenJDK 17 | =7-update171 | |
OpenJDK 17 | =7-update181 | |
OpenJDK 17 | =7-update191 | |
OpenJDK 17 | =7-update2 | |
OpenJDK 17 | =7-update201 | |
OpenJDK 17 | =7-update21 | |
OpenJDK 17 | =7-update211 | |
OpenJDK 17 | =7-update221 | |
OpenJDK 17 | =7-update231 | |
OpenJDK 17 | =7-update241 | |
OpenJDK 17 | =7-update25 | |
OpenJDK 17 | =7-update251 | |
OpenJDK 17 | =7-update3 | |
OpenJDK 17 | =7-update4 | |
OpenJDK 17 | =7-update40 | |
OpenJDK 17 | =7-update45 | |
OpenJDK 17 | =7-update5 | |
OpenJDK 17 | =7-update51 | |
OpenJDK 17 | =7-update55 | |
OpenJDK 17 | =7-update6 | |
OpenJDK 17 | =7-update60 | |
OpenJDK 17 | =7-update65 | |
OpenJDK 17 | =7-update67 | |
OpenJDK 17 | =7-update7 | |
OpenJDK 17 | =7-update72 | |
OpenJDK 17 | =7-update76 | |
OpenJDK 17 | =7-update80 | |
OpenJDK 17 | =7-update85 | |
OpenJDK 17 | =7-update9 | |
OpenJDK 17 | =7-update91 | |
OpenJDK 17 | =7-update95 | |
OpenJDK 17 | =7-update97 | |
OpenJDK 17 | =7-update99 | |
OpenJDK 17 | =8 | |
OpenJDK 17 | =8-update101 | |
OpenJDK 17 | =8-update102 | |
OpenJDK 17 | =8-update11 | |
OpenJDK 17 | =8-update111 | |
OpenJDK 17 | =8-update112 | |
OpenJDK 17 | =8-update121 | |
OpenJDK 17 | =8-update131 | |
OpenJDK 17 | =8-update141 | |
OpenJDK 17 | =8-update151 | |
OpenJDK 17 | =8-update152 | |
OpenJDK 17 | =8-update161 | |
OpenJDK 17 | =8-update162 | |
OpenJDK 17 | =8-update171 | |
OpenJDK 17 | =8-update172 | |
OpenJDK 17 | =8-update181 | |
OpenJDK 17 | =8-update191 | |
OpenJDK 17 | =8-update192 | |
OpenJDK 17 | =8-update20 | |
OpenJDK 17 | =8-update201 | |
OpenJDK 17 | =8-update202 | |
OpenJDK 17 | =8-update211 | |
OpenJDK 17 | =8-update212 | |
OpenJDK 17 | =8-update221 | |
OpenJDK 17 | =8-update231 | |
OpenJDK 17 | =8-update241 | |
OpenJDK 17 | =8-update25 | |
OpenJDK 17 | =8-update31 | |
OpenJDK 17 | =8-update40 | |
OpenJDK 17 | =8-update45 | |
OpenJDK 17 | =8-update5 | |
OpenJDK 17 | =8-update51 | |
OpenJDK 17 | =8-update60 | |
OpenJDK 17 | =8-update65 | |
OpenJDK 17 | =8-update66 | |
OpenJDK 17 | =8-update71 | |
OpenJDK 17 | =8-update72 | |
OpenJDK 17 | =8-update73 | |
OpenJDK 17 | =8-update74 | |
OpenJDK 17 | =8-update77 | |
OpenJDK 17 | =8-update91 | |
OpenJDK 17 | =8-update92 | |
OpenJDK 17 | =14 | |
NetApp 7-Mode Transition Tool | ||
netapp active iq unified manager windows | >=7.3 | |
netapp active iq unified manager vsphere | >=9.5 | |
netapp cloud backup | ||
netapp cloud secure agent | ||
netapp e-series performance analyzer | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.2 | |
netapp e-series santricity Web services Web services proxy | ||
NetApp OnCommand Insight | ||
netapp santricity unified manager | ||
netapp snapmanager sap | ||
netapp snapmanager Oracle | ||
NetApp SteelStore | ||
netapp storagegrid | >=9.0.0<=9.0.4 | |
netapp storagegrid | ||
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
openSUSE | =15.1 | |
openSUSE | =15.2 | |
Debian GNU/Linux | =9.0 | |
Debian GNU/Linux | =10.0 | |
Ubuntu Linux | =16.04 | |
Ubuntu Linux | =18.04 | |
Ubuntu Linux | =19.10 | |
Trellix ePolicy Orchestrator | =5.9.0 | |
Trellix ePolicy Orchestrator | =5.9.1 | |
Trellix ePolicy Orchestrator | =5.10.0 | |
Trellix ePolicy Orchestrator | =5.10.0-update_1 | |
Trellix ePolicy Orchestrator | =5.10.0-update_2 | |
Trellix ePolicy Orchestrator | =5.10.0-update_3 | |
Trellix ePolicy Orchestrator | =5.10.0-update_4 | |
Trellix ePolicy Orchestrator | =5.10.0-update_5 | |
Trellix ePolicy Orchestrator | =5.10.0-update_6 | |
Trellix ePolicy Orchestrator | =5.10.0-update_7 | |
Trellix ePolicy Orchestrator | =5.10.0-update_8 | |
IBM Engineering Requirements Quality Assistant | <=All | |
Oracle Java SE 7 | =1.8.0-update241 | |
Oracle Java SE 7 | =11.0.6 | |
Oracle Java SE 7 | =14.0.0 | |
Oracle JRE | =1.8.0-update241 | |
Oracle JRE | =11.0.6 | |
Oracle JRE | =14.0.0 | |
OpenJDK 8 | >=11<=11.0.6 | |
OpenJDK 8 | >=13<=13.0.2 | |
OpenJDK 8 | =7 | |
OpenJDK 8 | =7-update1 | |
OpenJDK 8 | =7-update10 | |
OpenJDK 8 | =7-update101 | |
OpenJDK 8 | =7-update11 | |
OpenJDK 8 | =7-update111 | |
OpenJDK 8 | =7-update121 | |
OpenJDK 8 | =7-update13 | |
OpenJDK 8 | =7-update131 | |
OpenJDK 8 | =7-update141 | |
OpenJDK 8 | =7-update15 | |
OpenJDK 8 | =7-update151 | |
OpenJDK 8 | =7-update161 | |
OpenJDK 8 | =7-update17 | |
OpenJDK 8 | =7-update171 | |
OpenJDK 8 | =7-update181 | |
OpenJDK 8 | =7-update191 | |
OpenJDK 8 | =7-update2 | |
OpenJDK 8 | =7-update201 | |
OpenJDK 8 | =7-update21 | |
OpenJDK 8 | =7-update211 | |
OpenJDK 8 | =7-update221 | |
OpenJDK 8 | =7-update231 | |
OpenJDK 8 | =7-update241 | |
OpenJDK 8 | =7-update25 | |
OpenJDK 8 | =7-update251 | |
OpenJDK 8 | =7-update3 | |
OpenJDK 8 | =7-update4 | |
OpenJDK 8 | =7-update40 | |
OpenJDK 8 | =7-update45 | |
OpenJDK 8 | =7-update5 | |
OpenJDK 8 | =7-update51 | |
OpenJDK 8 | =7-update55 | |
OpenJDK 8 | =7-update6 | |
OpenJDK 8 | =7-update60 | |
OpenJDK 8 | =7-update65 | |
OpenJDK 8 | =7-update67 | |
OpenJDK 8 | =7-update7 | |
OpenJDK 8 | =7-update72 | |
OpenJDK 8 | =7-update76 | |
OpenJDK 8 | =7-update80 | |
OpenJDK 8 | =7-update85 | |
OpenJDK 8 | =7-update9 | |
OpenJDK 8 | =7-update91 | |
OpenJDK 8 | =7-update95 | |
OpenJDK 8 | =7-update97 | |
OpenJDK 8 | =7-update99 | |
OpenJDK 8 | =8 | |
OpenJDK 8 | =8-update101 | |
OpenJDK 8 | =8-update102 | |
OpenJDK 8 | =8-update11 | |
OpenJDK 8 | =8-update111 | |
OpenJDK 8 | =8-update112 | |
OpenJDK 8 | =8-update121 | |
OpenJDK 8 | =8-update131 | |
OpenJDK 8 | =8-update141 | |
OpenJDK 8 | =8-update151 | |
OpenJDK 8 | =8-update152 | |
OpenJDK 8 | =8-update161 | |
OpenJDK 8 | =8-update162 | |
OpenJDK 8 | =8-update171 | |
OpenJDK 8 | =8-update172 | |
OpenJDK 8 | =8-update181 | |
OpenJDK 8 | =8-update191 | |
OpenJDK 8 | =8-update192 | |
OpenJDK 8 | =8-update20 | |
OpenJDK 8 | =8-update201 | |
OpenJDK 8 | =8-update202 | |
OpenJDK 8 | =8-update211 | |
OpenJDK 8 | =8-update212 | |
OpenJDK 8 | =8-update221 | |
OpenJDK 8 | =8-update231 | |
OpenJDK 8 | =8-update241 | |
OpenJDK 8 | =8-update25 | |
OpenJDK 8 | =8-update31 | |
OpenJDK 8 | =8-update40 | |
OpenJDK 8 | =8-update45 | |
OpenJDK 8 | =8-update5 | |
OpenJDK 8 | =8-update51 | |
OpenJDK 8 | =8-update60 | |
OpenJDK 8 | =8-update65 | |
OpenJDK 8 | =8-update66 | |
OpenJDK 8 | =8-update71 | |
OpenJDK 8 | =8-update72 | |
OpenJDK 8 | =8-update73 | |
OpenJDK 8 | =8-update74 | |
OpenJDK 8 | =8-update77 | |
OpenJDK 8 | =8-update91 | |
OpenJDK 8 | =8-update92 | |
OpenJDK 8 | =14 | |
NetApp Active IQ Unified Manager | >=7.3 | |
NetApp Active IQ Unified Manager | >=9.5 | |
NetApp Cloud Backup | ||
NetApp Cloud Secure Agent | ||
NetApp E-Series Performance Analyzer | ||
NetApp E-Series SANtricity Web Services | ||
NetApp E-Series SANtricity Unified Manager | ||
NetApp SnapManager for SAP | ||
NetApp SnapManager for Oracle | ||
NetApp SteelStore Cloud Integrated Storage | ||
NetApp StorageGRID Webscale | >=9.0.0<=9.0.4 | |
NetApp StorageGRID Webscale | ||
Red Hat Fedora | =30 | |
Red Hat Fedora | =31 | |
Red Hat Fedora | =32 | |
SUSE Linux | =15.1 | |
SUSE Linux | =15.2 | |
Debian Linux | =9.0 | |
Debian Linux | =10.0 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =19.10 | |
McAfee ePolicy Orchestrator | =5.9.0 | |
McAfee ePolicy Orchestrator | =5.9.1 | |
McAfee ePolicy Orchestrator | =5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
McAfee ePolicy Orchestrator | =5.10.0-update_7 | |
McAfee ePolicy Orchestrator | =5.10.0-update_8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2020-2755 is considered a medium severity vulnerability due to the potential for unexpected exceptions during regex processing in the Nashorn JavaScript engine.
You can fix CVE-2020-2755 by updating to the patched versions: 1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10 or newer for OpenJDK.
CVE-2020-2755 affects various versions of OpenJDK and Oracle JDK including 1.8.0 and 11.0.x as well as IBM JDK.
CVE-2020-2755 is a flaw in the parsing of regular expressions in the Nashorn JavaScript engine.
Yes, CVE-2020-2755 could lead to denial of service due to unexpected exceptions during the processing of specially crafted regular expressions.