First published: Fri Aug 10 2018(Updated: )
It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to possibly construct a class that caused a denial of service (excessive memory consumption).
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/openjdk-8-jdk | <8u181-b13-0ubuntu0.16.04.1 | 8u181-b13-0ubuntu0.16.04.1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/openjdk-8-jre | <8u181-b13-0ubuntu0.16.04.1 | 8u181-b13-0ubuntu0.16.04.1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/openjdk-8-jre-headless | <8u181-b13-0ubuntu0.16.04.1 | 8u181-b13-0ubuntu0.16.04.1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/openjdk-8-jre-jamvm | <8u181-b13-0ubuntu0.16.04.1 | 8u181-b13-0ubuntu0.16.04.1 |
Ubuntu Ubuntu | =16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is USN-3734-1.
The title of the vulnerability is USN-3734-1: OpenJDK 8 vulnerability.
The vulnerability allows an attacker to construct a class that causes a denial of service by consuming excessive memory.
The affected software versions are OpenJDK 8u181-b13-0ubuntu0.16.04.1 on Ubuntu 16.04.
To fix this vulnerability, update to OpenJDK 8u181-b13-0ubuntu0.16.04.1 or later.