Back to search
CVE-2018-10237
Published: Apr 26, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2018:2428
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2740
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2741
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2742
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2598
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2643
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2424
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2423
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2425
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2927
vendor-advisory
x_refsource_REDHAT
1041707
vdb-entry
x_refsource_SECTRACK
RHSA-2018:2743
vendor-advisory
x_refsource_REDHAT
[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project
mailing-list
x_refsource_MLIST
[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project
mailing-list
x_refsource_MLIST
[activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0
mailing-list
x_refsource_MLIST
[cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3
mailing-list
x_refsource_MLIST
RHSA-2019:2858
vendor-advisory
x_refsource_REDHAT
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
mailing-list
x_refsource_MLIST
RHSA-2019:3149
vendor-advisory
x_refsource_REDHAT
[cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237
mailing-list
x_refsource_MLIST
[cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237
mailing-list
x_refsource_MLIST
[cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237
mailing-list
x_refsource_MLIST
[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka
mailing-list
x_refsource_MLIST
[cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237
mailing-list
x_refsource_MLIST
[cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237
mailing-list
x_refsource_MLIST
[syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
[hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion
x_refsource_CONFIRM
[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version
mailing-list
x_refsource_MLIST
[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version
mailing-list
x_refsource_MLIST
[flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency
mailing-list
x_refsource_MLIST
[flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency
mailing-list
x_refsource_MLIST
[flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
[flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency
mailing-list
x_refsource_MLIST
[storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability
mailing-list
x_refsource_MLIST
[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220629-0008/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now