CVE-2018-2629

Public on 2018-02-07
Modified on 2018-03-23
Description
It was discovered that the JGSS component of OpenJDK failed to properly handle the GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly cause a Java application using JGSS to use a previously freed context.
Severity
Medium
CVSS v3 Base Score
5.3

Affected Packages

Platform        Package             Release Date      Advisory
Amazon Linux 2  java-1.8.0-openjdk  2018-02-07 17:47  ALAS2-2018-949
Amazon Linux 1  java-1.7.0-openjdk  2018-03-21 22:12  ALAS-2018-974
Amazon Linux 1  java-1.8.0-openjdk  2018-02-07 17:45  ALAS-2018-949

CVSS Scores

Score Type           Score  Vector
Amazon Linux CVSSv3  5.3    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
NVD CVSSv2           2.6    AV:N/AC:H/Au:N/C:N/I:P/A:N
NVD CVSSv3           5.3    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N