First published: Tue Apr 14 2020
A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK: the checks can be bypassed in certain cases. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10 | 1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10 |
redhat/java | <1.7.0-openjdk-1:1.7.0.261-2.6.22.1.el6_10 | 1.7.0-openjdk-1:1.7.0.261-2.6.22.1.el6_10 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el6_10 | 1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el6_10 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el6_10 | 1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el6_10 |
redhat/java | <1.7.0-openjdk-1:1.7.0.261-2.6.22.2.el7_8 | 1.7.0-openjdk-1:1.7.0.261-2.6.22.2.el7_8 |
redhat/java | <11-openjdk-1:11.0.7.10-4.el7_8 | 11-openjdk-1:11.0.7.10-4.el7_8 |
redhat/java | <1.8.0-openjdk-1:1.8.0.252.b09-2.el7_8 | 1.8.0-openjdk-1:1.8.0.252.b09-2.el7_8 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el7 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el7 |
redhat/java | <11-openjdk-1:11.0.7.10-1.el8_1 | 11-openjdk-1:11.0.7.10-1.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.252.b09-2.el8_1 | 1.8.0-openjdk-1:1.8.0.252.b09-2.el8_1 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.10-1.el8_2 | 1.8.0-ibm-1:1.8.0.6.10-1.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.252.b09-2.el8_0 | 1.8.0-openjdk-1:1.8.0.252.b09-2.el8_0 |
redhat/java | <11-openjdk-1:11.0.7.10-1.el8_0 | 11-openjdk-1:11.0.7.10-1.el8_0 |
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.25~5ea-1 | |
debian/openjdk-8 | 8u422-b05-1 | |
IBM Engineering Requirements Quality Assistant | <=All | |
Oracle OpenJDK 1.8.0 | =1.7.0-update251 | |
Oracle OpenJDK 1.8.0 | =1.8.0-update241 | |
Oracle OpenJDK 1.8.0 | =11.0.6 | |
Oracle OpenJDK 1.8.0 | =14.0.0 | |
Oracle JRE | =1.7.0-update_251 | |
Oracle JRE | =1.8.0-update_241 | |
Oracle JRE | =11.0.6 | |
Oracle JRE | =14.0.0 | |
OpenJDK 8 | >=11<=11.0.6 | |
OpenJDK 8 | >=13<=13.0.2 | |
OpenJDK 8 | =7 | |
OpenJDK 8 | =7-update1 | |
OpenJDK 8 | =7-update10 | |
OpenJDK 8 | =7-update101 | |
OpenJDK 8 | =7-update11 | |
OpenJDK 8 | =7-update111 | |
OpenJDK 8 | =7-update121 | |
OpenJDK 8 | =7-update13 | |
OpenJDK 8 | =7-update131 | |
OpenJDK 8 | =7-update141 | |
OpenJDK 8 | =7-update15 | |
OpenJDK 8 | =7-update151 | |
OpenJDK 8 | =7-update161 | |
OpenJDK 8 | =7-update17 | |
OpenJDK 8 | =7-update171 | |
OpenJDK 8 | =7-update181 | |
OpenJDK 8 | =7-update191 | |
OpenJDK 8 | =7-update2 | |
OpenJDK 8 | =7-update201 | |
OpenJDK 8 | =7-update21 | |
OpenJDK 8 | =7-update211 | |
OpenJDK 8 | =7-update221 | |
OpenJDK 8 | =7-update231 | |
OpenJDK 8 | =7-update241 | |
OpenJDK 8 | =7-update25 | |
OpenJDK 8 | =7-update251 | |
OpenJDK 8 | =7-update3 | |
OpenJDK 8 | =7-update4 | |
OpenJDK 8 | =7-update40 | |
OpenJDK 8 | =7-update45 | |
OpenJDK 8 | =7-update5 | |
OpenJDK 8 | =7-update51 | |
OpenJDK 8 | =7-update55 | |
OpenJDK 8 | =7-update6 | |
OpenJDK 8 | =7-update60 | |
OpenJDK 8 | =7-update65 | |
OpenJDK 8 | =7-update67 | |
OpenJDK 8 | =7-update7 | |
OpenJDK 8 | =7-update72 | |
OpenJDK 8 | =7-update76 | |
OpenJDK 8 | =7-update80 | |
OpenJDK 8 | =7-update85 | |
OpenJDK 8 | =7-update9 | |
OpenJDK 8 | =7-update91 | |
OpenJDK 8 | =7-update95 | |
OpenJDK 8 | =7-update97 | |
OpenJDK 8 | =7-update99 | |
OpenJDK 8 | =8 | |
OpenJDK 8 | =8-update101 | |
OpenJDK 8 | =8-update102 | |
OpenJDK 8 | =8-update11 | |
OpenJDK 8 | =8-update111 | |
OpenJDK 8 | =8-update112 | |
OpenJDK 8 | =8-update121 | |
OpenJDK 8 | =8-update131 | |
OpenJDK 8 | =8-update141 | |
OpenJDK 8 | =8-update151 | |
OpenJDK 8 | =8-update152 | |
OpenJDK 8 | =8-update161 | |
OpenJDK 8 | =8-update162 | |
OpenJDK 8 | =8-update171 | |
OpenJDK 8 | =8-update172 | |
OpenJDK 8 | =8-update181 | |
OpenJDK 8 | =8-update191 | |
OpenJDK 8 | =8-update192 | |
OpenJDK 8 | =8-update20 | |
OpenJDK 8 | =8-update201 | |
OpenJDK 8 | =8-update202 | |
OpenJDK 8 | =8-update211 | |
OpenJDK 8 | =8-update212 | |
OpenJDK 8 | =8-update221 | |
OpenJDK 8 | =8-update231 | |
OpenJDK 8 | =8-update241 | |
OpenJDK 8 | =8-update25 | |
OpenJDK 8 | =8-update31 | |
OpenJDK 8 | =8-update40 | |
OpenJDK 8 | =8-update45 | |
OpenJDK 8 | =8-update5 | |
OpenJDK 8 | =8-update51 | |
OpenJDK 8 | =8-update60 | |
OpenJDK 8 | =8-update65 | |
OpenJDK 8 | =8-update66 | |
OpenJDK 8 | =8-update71 | |
OpenJDK 8 | =8-update72 | |
OpenJDK 8 | =8-update73 | |
OpenJDK 8 | =8-update74 | |
OpenJDK 8 | =8-update77 | |
OpenJDK 8 | =8-update91 | |
OpenJDK 8 | =8-update92 | |
OpenJDK 8 | =14 | |
NetApp 7-Mode Transition Tool | ||
NetApp Active IQ Unified Manager | >=7.3 | |
NetApp Active IQ Unified Manager | >=9.5 | |
NetApp Cloud Backup | ||
NetApp E-Series Performance Analyzer | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.2 | |
NetApp E-Series SANtricity Web Services | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
NetApp Plug-in for Symantec NetBackup | ||
NetApp E-Series SANtricity Unified Manager | ||
NetApp SnapManager for SAP | ||
NetApp SnapManager for Oracle | ||
NetApp SteelStore Cloud Integrated Storage | ||
NetApp StorageGrid | >=9.0.0<=9.0.4 | |
NetApp StorageGrid | ||
Debian | =8.0 | |
Debian | =9.0 | |
Debian | =10.0 | |
Fedora | =30 | |
Fedora | =31 | |
Fedora | =32 | |
SUSE Linux | =15.1 | |
SUSE Linux | =15.2 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =19.10 | |
CVE-2020-2803 is a vulnerability in the Java SE and Java SE Embedded product of Oracle Java SE that allows an unauthenticated attacker with network access.
The affected versions of Java SE are 7u251, 8u241, 11.0.6, and 14.
The affected version of Java SE Embedded is 8u241.
The severity of CVE-2020-2803 is high with a severity value of 7.
To fix the CVE-2020-2803 vulnerability, update to the following versions: Java SE 7u252, 8u252, 11.0.7, and 14.0.1.