REDHAT-BUG-1823844
First published: Tue Apr 14 2020(Updated: )
A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK 17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2020:1508
- https://access.redhat.com/errata/RHSA-2020:1507
- https://access.redhat.com/errata/RHSA-2020:1506
- https://access.redhat.com/errata/RHSA-2020:1509
- https://access.redhat.com/errata/RHSA-2020:1512
- https://access.redhat.com/errata/RHSA-2020:1514
- https://access.redhat.com/security/cve/cve-2020-2805
- https://access.redhat.com/errata/RHSA-2020:1517
- https://access.redhat.com/errata/RHSA-2020:1516
- https://access.redhat.com/errata/RHSA-2020:1515
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/d56ef487dbcb
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/34bb0aa775b2
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/41d764523117
- https://access.redhat.com/errata/RHSA-2020:2236
- https://access.redhat.com/errata/RHSA-2020:2237
- https://access.redhat.com/errata/RHSA-2020:2239
- https://access.redhat.com/errata/RHSA-2020:2238
- https://access.redhat.com/errata/RHSA-2020:2241
- https://bugzilla.redhat.com/show_bug.cgi?id=1823844
Frequently Asked Questions
What is the severity of REDHAT-BUG-1823844?
The severity of REDHAT-BUG-1823844 is classified as high due to the potential for an untrusted Java application to bypass sandbox restrictions.
How do I fix REDHAT-BUG-1823844?
To fix REDHAT-BUG-1823844, update your OpenJDK version to the latest security patched release.
What versions of OpenJDK are affected by REDHAT-BUG-1823844?
OpenJDK 17 may be affected by REDHAT-BUG-1823844 as it contains the vulnerability in the MethodType class.
Can REDHAT-BUG-1823844 be exploited remotely?
Yes, REDHAT-BUG-1823844 can potentially be exploited remotely by untrusted Java applications or applets.
What components of OpenJDK are impacted by REDHAT-BUG-1823844?
The Libraries component of OpenJDK is impacted by the flaw described in REDHAT-BUG-1823844.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-2805
- agent/event
- agent/severity
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/openjdk 17