CVE-2018-10237

MEDIUMMonitor

Published:Apr 26, 2018(8 years ago)

Modified:Nov 21, 2024

Remote ExploitNo Auth RequiredNo Interaction

Vulnerability Description

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Attack Characteristics

Network AccessHigh ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
google	guava	11.0 - 24.1.1	-
redhat	openshift_container_platform	-	-
redhat	openstack	-

Timeline

Published
CVE disclosed publicly
Apr 26, 20188 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

106

http://www.securitytracker.com/id/1041707Broken Link
https://access.redhat.com/errata/RHSA-2018:2423Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2424Third Party Advisory

CVSS Score

v3.1

5.9/ 10.0

MEDIUM

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

At a Glance

Affected Products

106

References

google / guava

https://access.redhat.com/errata/RHSA-2018:2425Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2428Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2598Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2643Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2740Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2741Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2742Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2743Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2927Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2858Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3149Third Party Advisory

https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussio...Vendor Advisory

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f...

https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed88...

https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f0937...

https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109...

https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd...

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a...

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca6680...

https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c...

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609...

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5...

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d7...

https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd8...

https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d...

https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffe...

https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c58289962...

https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad7...

https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca...

https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766...

https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d...

https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910...

https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683...

https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00...

https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e...

https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b65...

https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102...

https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc8...

https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b...

https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969...

https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1...

https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea...

https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead...

https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e7...

https://security.netapp.com/advisory/ntap-20220629-0008/

https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch

https://www.oracle.com/security-alerts/cpujan2021.htmlPatch

https://www.oracle.com/security-alerts/cpujul2020.htmlPatch

https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch

http://www.securitytracker.com/id/1041707Broken Link

https://access.redhat.com/errata/RHSA-2018:2423Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2424Third Party Advisory