CVE-2020-2654

Name
CVE-2020-2654
Description
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
NVD Severity
low
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0122
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0128
Third Party Advisory https://www.debian.org/security/2020/dsa-4605
Issue Tracking https://seclists.org/bugtraq/2020/Jan/24
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0157
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0196
Third Party Advisory https://security.netapp.com/advisory/ntap-20200122-0003/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0202
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0232
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0231
Third Party Advisory https://usn.ubuntu.com/4257-1/
Third Party Advisory https://www.debian.org/security/2020/dsa-4621
Issue Tracking https://seclists.org/bugtraq/2020/Feb/22
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0541
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0632
Mailing List https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10315
Third Party Advisory https://security.gentoo.org/glsa/202101-19

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:* jdk == None == 1.7.0
cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:* jdk == None == 1.8.0
cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:* jdk == None == 11.0.5
cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:* jdk == None == 13.0.1
cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:* jre == None == 1.7.0
cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:* jre == None == 1.8.0
cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:* jre == None == 11.0.5
cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:* jre == None == 13.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status