usn-3473-1
Vulnerability from osv_ubuntu
It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. (CVE-2017-10274)
Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10281)
It was discovered that the Remote Method Invocation (RMI) component in OpenJDK did not properly handle unreferenced objects. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10285)
It was discovered that the HTTPUrlConnection classes in OpenJDK did not properly handle newlines. An attacker could use this to convince a Java application or applet to inject headers into http requests. (CVE-2017-10295)
Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Serialization component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects from Java Cryptography Extension KeyStore (JCEKS). An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10345)
It was discovered that the Hotspot component of OpenJDK did not properly perform loader checks when handling the invokespecial JVM instruction. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10346)
Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations in the SimpleTimeZone class. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10347)
It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10348, CVE-2017-10357)
It was discovered that the JAXP component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10349)
It was discovered that the JAX-WS component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10350)
It was discovered that the Networking component of OpenJDK did not properly set timeouts on FTP client actions. A remote attacker could use this to cause a denial of service (application hang). (CVE-2017-10355)
Francesco Palmarini, Marco Squarcina, Mauro Tempesta, Riccardo Focardi, and Tobias Ospelt discovered that the Security component in OpenJDK did not sufficiently protect password-based encryption keys in key stores. An attacker could use this to expose sensitive information. (CVE-2017-10356)
Jeffrey Altman discovered that the Kerberos client implementation in OpenJDK incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. (CVE-2017-10388)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2017-10274",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10281",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10285",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10295",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10345",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10346",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10347",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10348",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10349",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10350",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10355",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10356",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10357",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10388",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openjdk-8-demo",
"binary_version": "8u151-b12-0ubuntu0.16.04.2"
},
{
"binary_name": "openjdk-8-jdk",
"binary_version": "8u151-b12-0ubuntu0.16.04.2"
},
{
"binary_name": "openjdk-8-jdk-headless",
"binary_version": "8u151-b12-0ubuntu0.16.04.2"
},
{
"binary_name": "openjdk-8-jre",
"binary_version": "8u151-b12-0ubuntu0.16.04.2"
},
{
"binary_name": "openjdk-8-jre-headless",
"binary_version": "8u151-b12-0ubuntu0.16.04.2"
},
{
"binary_name": "openjdk-8-jre-jamvm",
"binary_version": "8u151-b12-0ubuntu0.16.04.2"
},
{
"binary_name": "openjdk-8-jre-zero",
"binary_version": "8u151-b12-0ubuntu0.16.04.2"
},
{
"binary_name": "openjdk-8-source",
"binary_version": "8u151-b12-0ubuntu0.16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "openjdk-8",
"purl": "pkg:deb/ubuntu/openjdk-8@8u151-b12-0ubuntu0.16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8u151-b12-0ubuntu0.16.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8u66-b01-5",
"8u72-b05-1ubuntu1",
"8u72-b05-5",
"8u72-b05-6",
"8u72-b15-1",
"8u72-b15-2ubuntu1",
"8u72-b15-2ubuntu3",
"8u72-b15-3ubuntu1",
"8u77-b03-1ubuntu2",
"8u77-b03-3ubuntu1",
"8u77-b03-3ubuntu2",
"8u77-b03-3ubuntu3",
"8u91-b14-0ubuntu4~16.04.1",
"8u91-b14-3ubuntu1~16.04.1",
"8u111-b14-2ubuntu0.16.04.2",
"8u121-b13-0ubuntu1.16.04.2",
"8u131-b11-0ubuntu1.16.04.2",
"8u131-b11-2ubuntu1.16.04.2",
"8u131-b11-2ubuntu1.16.04.3"
]
}
],
"aliases": [],
"details": "It was discovered that the Smart Card IO subsystem in OpenJDK did not\nproperly maintain state. An attacker could use this to specially construct\nan untrusted Java application or applet to gain access to a smart card,\nbypassing sandbox restrictions. (CVE-2017-10274)\n\nGaston Traberg discovered that the Serialization component of OpenJDK did\nnot properly limit the amount of memory allocated when performing\ndeserializations. An attacker could use this to cause a denial of service\n(memory exhaustion). (CVE-2017-10281)\n\nIt was discovered that the Remote Method Invocation (RMI) component in\nOpenJDK did not properly handle unreferenced objects. An attacker could use\nthis to specially construct an untrusted Java application or applet that\ncould escape sandbox restrictions. (CVE-2017-10285)\n\nIt was discovered that the HTTPUrlConnection classes in OpenJDK did not\nproperly handle newlines. An attacker could use this to convince a Java\napplication or applet to inject headers into http requests.\n(CVE-2017-10295)\n\nFrancesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi\ndiscovered that the Serialization component of OpenJDK did not properly\nrestrict the amount of memory allocated when deserializing objects from\nJava Cryptography Extension KeyStore (JCEKS). An attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2017-10345)\n\nIt was discovered that the Hotspot component of OpenJDK did not properly\nperform loader checks when handling the invokespecial JVM instruction. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions.\n(CVE-2017-10346)\n\nGaston Traberg discovered that the Serialization component of OpenJDK did\nnot properly limit the amount of memory allocated when performing\ndeserializations in the SimpleTimeZone class. An attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2017-10347)\n\nIt was discovered that the Serialization component of OpenJDK did not\nproperly limit the amount of memory allocated when performing\ndeserializations. An attacker could use this to cause a denial of service\n(memory exhaustion). (CVE-2017-10348, CVE-2017-10357)\n\nIt was discovered that the JAXP component in OpenJDK did not properly limit\nthe amount of memory allocated when performing deserializations. An\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2017-10349)\n\nIt was discovered that the JAX-WS component in OpenJDK did not properly\nlimit the amount of memory allocated when performing deserializations. An\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2017-10350)\n\nIt was discovered that the Networking component of OpenJDK did not properly\nset timeouts on FTP client actions. A remote attacker could use this to\ncause a denial of service (application hang). (CVE-2017-10355)\n\nFrancesco Palmarini, Marco Squarcina, Mauro Tempesta, Riccardo Focardi, and\nTobias Ospelt discovered that the Security component in OpenJDK did not\nsufficiently protect password-based encryption keys in key stores. An\nattacker could use this to expose sensitive information. (CVE-2017-10356)\n\nJeffrey Altman discovered that the Kerberos client implementation in\nOpenJDK incorrectly trusted unauthenticated portions of Kerberos tickets. A\nremote attacker could use this to impersonate trusted network services or\nperform other attacks. (CVE-2017-10388)\n",
"id": "USN-3473-1",
"modified": "2026-02-10T04:41:14Z",
"published": "2017-11-08T07:48:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3473-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10274"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10281"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10285"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10295"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10345"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10346"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10347"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10348"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10349"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10350"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10355"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10356"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10357"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10388"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "openjdk-8 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2017-10274",
"UBUNTU-CVE-2017-10281",
"UBUNTU-CVE-2017-10285",
"UBUNTU-CVE-2017-10295",
"UBUNTU-CVE-2017-10345",
"UBUNTU-CVE-2017-10346",
"UBUNTU-CVE-2017-10347",
"UBUNTU-CVE-2017-10348",
"UBUNTU-CVE-2017-10349",
"UBUNTU-CVE-2017-10350",
"UBUNTU-CVE-2017-10355",
"UBUNTU-CVE-2017-10356",
"UBUNTU-CVE-2017-10357",
"UBUNTU-CVE-2017-10388"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.