CVE-2018-10237
Description
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
Risk Information
Base Score: 5.9 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 3.259
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple Vulnerabilities are affected in Oracle 12.2.0.1 | Windows |
| Multiple Vulnerabilities are affected in Oracle 18c | Windows |
| Multiple Vulnerabilities are affected in Oracle 19c | Windows |
| Vulnerabilities CVE-2018-10237 are fixed in Google-guava 24.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.4.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.1.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.10 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.21 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.8.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.2.0.1 | Windows |
| Vulnerabilities CVE-2018-10237 are affected in Google - guava-jdk5 17.0 | Windows |
| Vulnerabilities CVE-2018-10237 are affected in Google - guava-osgi 11.0.1 | Windows |
| Vulnerabilities CVE-2018-10237 are affected in Mhus - vaadin-shared-deps 7.4.0 | Windows |
| Vulnerabilities CVE-2018-10237 are affected in Hudsonci - guava 14.0.1 | Windows |
| Vulnerabilities CVE-2018-10237 are affected in Sonatype - sisu-guava 0.11.1 | Windows |
| Vulnerabilities CVE-2018-10237 are fixed in Google-guava for Linux 24.1.1 | Linux |
| Vulnerabilities CVE-2018-10237 are affected in Google - guava-jdk5 for Linux 17.0 | Linux |
| Vulnerabilities CVE-2018-10237 are affected in Google - guava-osgi for Linux 11.0.1 | Linux |
| Vulnerabilities CVE-2018-10237 are affected in Mhus - vaadin-shared-deps for Linux 7.4.0 | Linux |
| Vulnerabilities CVE-2018-10237 are affected in Hudsonci - guava for Linux 14.0.1 | Linux |
| Vulnerabilities CVE-2018-10237 are affected in Sonatype - sisu-guava for Linux 0.11.1 | Linux |
Patch Details
No records found