google guava CVE-2018-10237 vulnerability in Google and Other Products
Published on April 26, 2018

product logo product logo product logo product logo
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2018-10237

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10237 are published in these products:

Google Guava
 
Oracle Banking Payments
 
Oracle Communications Ip Service Activator
 
Oracle Customer Management Segmentation Foundation
 
Oracle Database Server
 
Oracle Flexcube Investor Servicing
 
Oracle Flexcube Private Banking
 
Oracle Retail Integration Bus
 
Oracle Retail Xstore Point Of Service
 
Oracle Weblogic Server
 
Red Hat Openshift Container Platform
 
Red Hat Openstack
 
Red Hat Satellite
 
Red Hat Satellite Capsule
 
Red Hat Virtualization
 
Red Hat Virtualization Host
 

Exploit Probability

EPSS
3.26%
Percentile
86.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.