CVE-2018-10237

MEDIUM

Description

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

References

http://www.securitytracker.com/id/1041707

https://access.redhat.com/errata/RHSA-2018:2423

https://access.redhat.com/errata/RHSA-2018:2424

https://access.redhat.com/errata/RHSA-2018:2425

https://access.redhat.com/errata/RHSA-2018:2428

https://access.redhat.com/errata/RHSA-2018:2598

https://access.redhat.com/errata/RHSA-2018:2643

https://access.redhat.com/errata/RHSA-2018:2740

https://access.redhat.com/errata/RHSA-2018:2741

https://access.redhat.com/errata/RHSA-2018:2742

https://access.redhat.com/errata/RHSA-2018:2743

https://access.redhat.com/errata/RHSA-2018:2927

https://access.redhat.com/errata/RHSA-2019:2858

https://access.redhat.com/errata/RHSA-2019:3149

https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommon-dev.hadoop.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.cassandra.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cgitbox.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Chdfs-dev.hadoop.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cuser.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.cxf.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.cxf.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.cxf.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.syncope.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.flink.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.cxf.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.kafka.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E

https://lists.apache.org/thread.html/rc78f6e84f82cc66[email protected]%3Cdev.cxf.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommon-dev.hadoop.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.cxf.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

Details

Source: MITRE

Published: 2018-04-26

Updated: 2020-08-14

Type: CWE-502

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (10 total)

ID	Name	Product	Family	Severity
120756	Fedora 28 : guava20 (2018-bf292e6cdf)	Nessus	Fedora Local Security Checks	medium
120431	Fedora 28 : guava (2018-54a5bcc7e4)	Nessus	Fedora Local Security Checks	medium
118185	RHEL 7 : Satellite Server (RHSA-2018:2927)	Nessus	Red Hat Local Security Checks	high
117772	RHEL 6 : JBoss EAP (RHSA-2018:2743)	Nessus	Red Hat Local Security Checks	medium
117771	RHEL 7 : JBoss EAP (RHSA-2018:2741)	Nessus	Red Hat Local Security Checks	medium
117324	RHEL 7 : Virtualization (RHSA-2018:2643)	Nessus	Red Hat Local Security Checks	medium
112030	RHEL 7 : JBoss EAP (RHSA-2018:2424)	Nessus	Red Hat Local Security Checks	medium
112029	RHEL 6 : JBoss EAP (RHSA-2018:2423)	Nessus	Red Hat Local Security Checks	medium
109927	Fedora 27 : guava (2018-e4c2507720)	Nessus	Fedora Local Security Checks	medium
109804	Fedora 26 : guava (2018-db8f322bb0)	Nessus	Fedora Local Security Checks	medium