It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762)
Vulnerable Product |
---|
oracle jdk 11.0.3 |
oracle jdk 12.0.1 |
oracle jre 12.0.1 |
oracle jre 11.0.3 |