Denial of Service Vulnerability in IBM Java Runtime
CVE-2011-0311

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 2 September 2011

Summary

The class file parser in IBM Java Runtime versions prior to specified updates is susceptible to a Denial of Service condition. This issue arises when remote authenticated users provide a specially crafted attribute length field in a class file, leading to a buffer over-read. This vulnerability could result in JVM segmentation faults, excessive memory consumption, or an infinite loop, which disrupts normal operations and affects system availability.
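The check whose absence produces this class of over-read is shown below as an added example; it is not IBM's code and is not taken from the advisory. It assumes the standard class file `attribute_info` layout (u2 `attribute_name_index`, u4 `attribute_length`, then `attribute_length` bytes of `info`). The function name `walk_attributes` and both byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Class files store multi-byte values big-endian. */
static uint16_t rd_u2(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd_u4(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Hypothetical helper: walk an attributes table laid out as
 *   u2 attributes_count, then per entry
 *   u2 attribute_name_index, u4 attribute_length, u1 info[attribute_length].
 * Returns the number of bytes consumed, or -1 if any entry claims more
 * bytes than the buffer holds.
 */
long walk_attributes(const uint8_t *buf, size_t len)
{
    if (len < 2) return -1;
    uint16_t count = rd_u2(buf);
    size_t off = 2;
    for (uint16_t i = 0; i < count; i++) {
        if (len - off < 6) return -1;       /* entry header truncated */
        uint32_t alen = rd_u4(buf + off + 2);
        off += 6;
        /* Compare against the bytes remaining; computing off + alen first
           could wrap where size_t is 32 bits. */
        if (alen > len - off) return -1;    /* declared length exceeds the data */
        off += alen;                        /* skip info[] without reading it */
    }
    return (long)off;
}

/* Constructed input: two well-formed attributes (lengths 2 and 0). */
static const uint8_t ok_table[] = {
    0x00, 0x02,
    0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB,
    0x00, 0x02, 0x00, 0x00, 0x00, 0x00,
};
/* Constructed input: attribute_length far larger than the 2 bytes present. */
static const uint8_t bad_table[] = {
    0x00, 0x01,
    0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xF0, 0xAA, 0xBB,
};

int main(void)
{
    return !(walk_attributes(ok_table, sizeof ok_table) == 16 &&
             walk_attributes(bad_table, sizeof bad_table) == -1);
}
```

A parser that trusts `attribute_length` and advances or copies by that amount without the comparison against the remaining bytes reads past the end of the class data, which matches the over-read described in the summary.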
