Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-10237

Published: 26/04/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Google

Vulnerability Summary

Unbounded memory allocation in Google Guava 11.0 up to and including 24.x prior to 24.1.1 allows remote malicious users to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google guava

redhat virtualization host 4.0

redhat virtualization 4.2

redhat openshift container platform 3.11

redhat satellite 6.4

redhat openstack 13

redhat satellite capsule 6.4

redhat jboss_enterprise_application_platform 6.0.0

redhat jboss_enterprise_application_platform 6.4.0

redhat jboss_enterprise_application_platform 7.1.0

redhat openshift_container_platform 4.1

redhat virtualization 4.0

redhat virtualization_host 4.0

oracle flexcube investor servicing 12.3.0

oracle flexcube investor servicing 12.1.0

oracle retail xstore point of service 15.0

oracle flexcube private banking 12.1.0

oracle retail xstore point of service 7.1

oracle flexcube private banking 12.0.0

oracle retail integration bus 15.0

oracle weblogic server 12.2.1.3.0

oracle database server 12.2.0.1

oracle flexcube investor servicing 12.4.0

oracle retail xstore point of service 16.0

oracle database server 18c

oracle flexcube investor servicing 14.0.0

oracle retail integration bus 16.0

oracle database server 19c

oracle flexcube investor servicing 14.1.0

oracle retail xstore point of service 17.0

oracle communications ip service activator 7.4.0

oracle communications ip service activator 7.3.0

oracle banking payments

oracle customer management and segmentation foundation 18.0

Vendor Advisories

Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 714 on RHEL7 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 714 on RHEL 6 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6421 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise LinuxRed Hat Product Security has rated this update as having a s ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 71 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer PortalRed Hat Product Security has rated this update as having a secu ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6421 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having a ...
Red Hat: Important: Satellite 6.4 security, bug fix, and enhancement update
Synopsis Important: Satellite 64 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Satellite 64 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update
Synopsis Important: OpenShift Container Platform logging-elasticsearch5-container security update Type/Severity Security Advisory: Important Topic An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as h ...
Red Hat: Important: rhvm-appliance security update
Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6421 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Moderate: opendaylight security and bug fix update
Synopsis Moderate: opendaylight security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for OpenDaylight is now available for Red Hat OpenStack Platform130 (Queens)Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Sc ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6421 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a ...
Red Hat: Important: Red Hat Single Sign-On 7.2.4 security update
Synopsis Important: Red Hat Single Sign-On 724 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 72 from theCustomer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...
Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update
Synopsis Important: OpenShift Container Platform 4118 logging-elasticsearch5 security update Type/Severity Security Advisory: Important Topic An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has rated this update as havin ...
Red Hat: Important: EAP Continuous Delivery Technical Preview Release 13 security update
Synopsis Important: EAP Continuous Delivery Technical Preview Release 13 security update Type/Severity Security Advisory: Important Topic This is a security update for JBoss EAP Continuous Delivery 130Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnera ...
Red Hat: CVE-2018-10237
A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation A crafted message could cause the server to consume all available memory or crash leading to a denial of service ...

Github Repositories

https://github.com/surajbabar/dependency-demo-app

Demo project to show different ways of fixing vulnerabilities found in Maven based java project.

dependency-demo-app Demo project to show different ways of fixing vulnerabilities found in Maven based java project Run Dependency check with following Command mvn orgowasp:dependency-check-maven:check The result will be generated at target/dependency-check-reporthtml Different kinds of vulnerabilities and ways to fix them Vulnerability Category Vulnerable dependenc

https://github.com/singhkranjan/vulnapp

vulnerable application

dependency-demo-app Demo project to show different ways of fixing vulnerabilities found in Maven based java project Run Dependency check with following Command mvn orgowasp:dependency-check-maven:check The result will be generated at target/dependency-check-reporthtml Different kinds of vulnerabilities and ways to fix them Vulnerability Category Vulnerable dependenc

References

CWE-770https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussionhttps://access.redhat.com/errata/RHSA-2018:2428https://access.redhat.com/errata/RHSA-2018:2425https://access.redhat.com/errata/RHSA-2018:2424https://access.redhat.com/errata/RHSA-2018:2423https://access.redhat.com/errata/RHSA-2018:2598https://access.redhat.com/errata/RHSA-2018:2643https://access.redhat.com/errata/RHSA-2018:2743https://access.redhat.com/errata/RHSA-2018:2742https://access.redhat.com/errata/RHSA-2018:2741https://access.redhat.com/errata/RHSA-2018:2740http://www.securitytracker.com/id/1041707https://access.redhat.com/errata/RHSA-2018:2927https://access.redhat.com/errata/RHSA-2019:2858https://access.redhat.com/errata/RHSA-2019:3149https://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpujan2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://security.netapp.com/advisory/ntap-20220629-0008/https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc%40%3Chdfs-dev.hadoop.apache.org%3Ehttps://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495%40%3Ccommon-dev.hadoop.apache.org%3Ehttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6%40%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084%40%3Cgitbox.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085%40%3Ccommits.cassandra.apache.org%3Ehttps://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d%40%3Cdev.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a%40%3Cdev.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3%40%3Cdev.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2%40%3Cdev.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd%40%3Cdev.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9%40%3Cdev.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3Ehttps://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1%40%3Ccommon-dev.hadoop.apache.org%3Ehttps://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3Ehttps://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3Ehttps://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d%40%3Cdev.flink.apache.org%3Ehttps://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45%40%3Cissues.flink.apache.org%3Ehttps://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d%40%3Cissues.flink.apache.org%3Ehttps://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3Ehttps://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4%40%3Cissues.flink.apache.org%3Ehttps://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3Ehttps://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94%40%3Cissues.storm.apache.org%3Ehttps://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3Ehttps://nvd.nist.govhttps://github.com/surajbabar/dependency-demo-apphttps://access.redhat.com/errata/RHSA-2018:2424https://access.redhat.com/security/cve/cve-2018-10237
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook