Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2019-03916

Опубликовано: 18 окт. 2019
Источник: fstec
CVSS3: 3.7
CVSS2: 4.3
EPSS Низкий

Описание

Уязвимость компонента 2D программных платформ Oracle Java SE и Java SE Embedded связана с выделением неограниченной памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Вендор

Oracle Corp.
Red Hat Inc.
Сообщество свободного программного обеспечения
АО «Концерн ВНИИНС»

Наименование ПО

OpenJDK
Red Hat Enterprise Linux
Debian GNU/Linux
Java SE
Java SE Embedded
ОС ОН «Стрелец»

Версия ПО

1.7.0 (OpenJDK)
6 (Red Hat Enterprise Linux)
7 (Red Hat Enterprise Linux)
9 (Debian GNU/Linux)
8 (Red Hat Enterprise Linux)
8 (Debian GNU/Linux)
10 (Debian GNU/Linux)
7u231 (Java SE)
8u221 (Java SE)
11.0.4 (Java SE)
13 (Java SE)
1.8.0 (OpenJDK)
8u221 (Java SE Embedded)
11.0.4 (OpenJDK)
13.0.0 (OpenJDK)
до 16.01.2023 (ОС ОН «Стрелец»)

Тип ПО

Прикладное ПО информационных систем
Операционная система
ПО виртуализации/ПО виртуального программно-аппаратного средства

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 6
Red Hat Inc. Red Hat Enterprise Linux 7
Сообщество свободного программного обеспечения Debian GNU/Linux 9
Red Hat Inc. Red Hat Enterprise Linux 8
Сообщество свободного программного обеспечения Debian GNU/Linux 8
Сообщество свободного программного обеспечения Debian GNU/Linux 10
АО «Концерн ВНИИНС» ОС ОН «Стрелец» до 16.01.2023

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,3)
Низкий уровень опасности (базовая оценка CVSS 3.0 составляет 3,7)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:
Для программных продуктов Oracle Corp.:
https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html
Для Red Hat Enterprise Linux:
https://access.redhat.com/security/cve/cve-2019-2992
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2019-2992
Для ОС ОН «Стрелец»:
Обновление программного обеспечения openjdk-8 до версии 8u292-b10-repack1-0+deb9u1.osnova11

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 75%
0.00898
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2019-2992

CVSS3: 3.7
ubuntu
больше 6 лет назад

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vect...

redhat логотип

CVE-2019-2992

CVSS3: 3.7
redhat
больше 6 лет назад

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vect...

nvd логотип

CVE-2019-2992

CVSS3: 3.7
nvd
больше 6 лет назад

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:

debian логотип

CVE-2019-2992

CVSS3: 3.7
debian
больше 6 лет назад

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...

github логотип

GHSA-fmm9-3jqx-2m93

CVSS3: 3.7
github
больше 3 лет назад

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vect...

EPSS

Процентиль: 75%
0.00898
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2