CVE-2018-10237

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-10237
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10237.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-10237
Aliases
Downstream
Related
Published
2018-04-26T21:29:00.230Z
Modified
2026-05-28T04:03:56.739299528Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "14.1.0"
                },
                {
                    "last_affected": "14.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:banking_payments",
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3.0"
                },
                {
                    "last_affected": "7.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_ip_service_activator",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "18.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:customer_management_and_segmentation_foundation",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.0.1"
                },
                {
                    "last_affected": "18c"
                },
                {
                    "last_affected": "19c"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:database_server",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.1.0"
                },
                {
                    "last_affected": "12.3.0"
                },
                {
                    "last_affected": "12.4.0"
                },
                {
                    "last_affected": "14.0.0"
                },
                {
                    "last_affected": "14.1.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:flexcube_investor_servicing",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.0.0"
                },
                {
                    "last_affected": "12.1.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:flexcube_private_banking",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "15.0"
                },
                {
                    "last_affected": "16.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:retail_integration_bus",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.1"
                },
                {
                    "last_affected": "15.0"
                },
                {
                    "last_affected": "16.0"
                },
                {
                    "last_affected": "17.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:retail_xstore_point_of_service",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:weblogic_server",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "6.0.0"
                },
                {
                    "last_affected": "6.4.0"
                },
                {
                    "last_affected": "7.1.0"
                },
                {
                    "last_affected": "6.0.0"
                },
                {
                    "last_affected": "6.4.0"
                },
                {
                    "last_affected": "6.0.0"
                },
                {
                    "last_affected": "6.4.0"
                },
                {
                    "last_affected": "7.1.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:jboss_enterprise_application_platform",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "3.11"
                },
                {
                    "last_affected": "4.1"
                }
            ],
            "cpes": [
                "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:openshift_container_platform",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "13"
                }
            ],
            "cpes": [
                "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:openstack",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "6.4"
                }
            ],
            "cpes": [
                "cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:satellite",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "6.4"
                }
            ],
            "cpes": [
                "cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:satellite_capsule",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "4.2"
                },
                {
                    "last_affected": "4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:virtualization",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "4.0"
                },
                {
                    "last_affected": "4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:virtualization_host",
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/google/guava

Affected ranges

Type
GIT
Repo
https://github.com/google/guava
Events
Introduced
5a6bf80c7403d77df18adb41b5b15ea34d28186d
Fixed
49fad5af840b2a28dd0dc24ecfd58b4baa8d67bc
Database specific 
{
    "extracted_events": [
        {
            "introduced": "11.0"
        },
        {
            "fixed": "24.1.1"
        }
    ],
    "cpe": "cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10237.json"