CVE-2018-2952
Description
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
120- Range: R28.3.18
- Range: 6u191, 7u181, 8u172, 10.0.1
- Range: 8u171
- osv-coords116 versionspkg:apk/chainguard/corretto-8pkg:apk/chainguard/corretto-8-dbgpkg:apk/chainguard/corretto-8-default-jdkpkg:apk/chainguard/corretto-8-default-jvmpkg:apk/chainguard/corretto-8-demospkg:apk/chainguard/corretto-8-docpkg:apk/chainguard/corretto-8-jrepkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-default-policypkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-default-policypkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-default-policypkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-25-openj9-default-jvmpkg:apk/chainguard/openjdk-25-openj9-jmodspkg:apk/chainguard/openjdk-26-openj9-jrepkg:apk/chainguard/openjdk-8pkg:apk/chainguard/openjdk-8-dbgpkg:apk/chainguard/openjdk-8-default-jdkpkg:apk/chainguard/openjdk-8-default-jvmpkg:apk/chainguard/openjdk-8-demospkg:apk/chainguard/openjdk-8-docpkg:apk/chainguard/openjdk-8-jrepkg:apk/chainguard/openjdk-8-jre-basepkg:apk/chainguard/openjdk-8-jre-libpkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jrepkg:apk/wolfi/openjdk-8pkg:apk/wolfi/openjdk-8-dbgpkg:apk/wolfi/openjdk-8-default-jdkpkg:apk/wolfi/openjdk-8-default-jvmpkg:apk/wolfi/openjdk-8-demospkg:apk/wolfi/openjdk-8-docpkg:apk/wolfi/openjdk-8-jrepkg:apk/wolfi/openjdk-8-jre-basepkg:apk/wolfi/openjdk-8-jre-libpkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-13-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-15-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/suse/java-10-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%207
< 8.462.08.1-r2+ 115 more
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 11.0.12.0-3.1
- (no CPE)range: < 13.0.8.0-3.1
- (no CPE)range: < 15.0.4.0-2.1
- (no CPE)range: < 1.8.0.302-2.2
- (no CPE)range: < 10.0.2.0-3.3.3
- (no CPE)range: < 1.7.0_sr10.30-65.28.1
- (no CPE)range: < 1.7.0_sr10.30-65.28.1
- (no CPE)range: < 1.7.0_sr10.30-65.28.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.0.201-43.18.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-26.29.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-26.29.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-26.29.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-3.6.2
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-3.10.1
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-27.26.2
- (no CPE)range: < 1.8.0.181-27.26.2
- Range: Java SE: 6u191
Patches
Vulnerability mechanics
References
27- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlnvdPatchVendor Advisory
- access.redhat.com/errata/RHSA-2018:2241nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2242nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2253nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2254nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2255nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2256nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2283nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2286nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2568nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2569nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2575nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2576nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2712nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2713nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3007nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3008nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/11/msg00026.htmlnvdMailing ListThird Party Advisory
- security.netapp.com/advisory/ntap-20180726-0001/nvdThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- usn.ubuntu.com/3734-1/nvdThird Party Advisory
- usn.ubuntu.com/3735-1/nvdThird Party Advisory
- usn.ubuntu.com/3747-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4268nvdThird Party Advisory
- www.securityfocus.com/bid/104765nvdBroken Link
- www.securitytracker.com/id/1041302nvdBroken Link
News mentions
0No linked articles in our index yet.