Sign In

CVE-2018-10237

ADVISORY - github

Summary

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

EPSS Score: 0.03259 (0.868)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-770

Allocation of Resources Without Limits or Throttling

ADVISORY - github

CWE-502

Deserialization of Untrusted Data

CWE-770

Allocation of Resources Without Limits or Throttling

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2018-10237
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-770

CVSS SCORE

5.9medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-mvr2-9pj6-7w5j
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-502CWE-770

CVSS SCORE

5.9medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2018-10237
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2018-10237
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.9medium

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2018-10237

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-770CWE-937

CVSS SCORE

5.9medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2018-10237
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-119

CVSS SCORE

5.9medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-4jxw-mwcp-83m9

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-6956-p4rg-3vgj

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-8223-gxg7-8cjf

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-j868-gr77-fcmw

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-mgq4-x983-74v2

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY