REDHAT-BUG-1823216
First published: Sun Apr 12 2020(Updated: )
A flaw was found in the Serialization component of OpenJDK. The invokeWriteObject() method of the ObjectStreamClass method failed to catch InstantiationError exception during object stream deserialization, which could cause an unexpected exception to be raised when processing an untrusted serialized input.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK 17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2020:1508
- https://access.redhat.com/errata/RHSA-2020:1507
- https://access.redhat.com/errata/RHSA-2020:1506
- https://access.redhat.com/errata/RHSA-2020:1509
- https://access.redhat.com/errata/RHSA-2020:1512
- https://access.redhat.com/errata/RHSA-2020:1514
- https://access.redhat.com/security/cve/cve-2020-2757
- https://access.redhat.com/errata/RHSA-2020:1517
- https://access.redhat.com/errata/RHSA-2020:1516
- https://access.redhat.com/errata/RHSA-2020:1515
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/19f4afec0d04
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/a75922cb4096
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/1a95d48e5ff1
- https://access.redhat.com/errata/RHSA-2020:2236
- https://access.redhat.com/errata/RHSA-2020:2237
- https://access.redhat.com/errata/RHSA-2020:2239
- https://access.redhat.com/errata/RHSA-2020:2238
- https://access.redhat.com/errata/RHSA-2020:2241
- https://bugzilla.redhat.com/show_bug.cgi?id=1823216
Frequently Asked Questions
What is the severity of REDHAT-BUG-1823216?
The severity of REDHAT-BUG-1823216 is classified as important, as it can lead to unexpected exceptions during object stream deserialization.
How do I fix REDHAT-BUG-1823216?
To fix REDHAT-BUG-1823216, update to the patched version of Oracle OpenJDK as provided in the security advisories.
Which versions of OpenJDK are affected by REDHAT-BUG-1823216?
REDHAT-BUG-1823216 affects specific versions of Oracle OpenJDK, primarily around version 17.
What is the nature of the flaw in REDHAT-BUG-1823216?
The flaw in REDHAT-BUG-1823216 pertains to the Serialization component failing to handle InstantiationError exceptions during deserialization.
Can REDHAT-BUG-1823216 be exploited remotely?
Yes, REDHAT-BUG-1823216 can potentially be exploited remotely if an application is processing untrusted serialized data.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-2757
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/openjdk 17