Resource exhaustion in Google Guava
CVE-2018-10237
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the Atomic…
EPSS: 0.051 (91.3rd percentile).
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Google Guava
- Oracle Banking Payments
- Oracle Communications IP Service Activator — versions 7.3.0, 7.4.0
- Oracle Customer Management and Segmentation Foundation — version 18.0
- Oracle Database Server — versions 12.2.0.1, 18c, 19c
- Oracle FLEXCUBE Investor Servicing — versions 12.1.0, 12.3.0, 12.4.0
- Oracle FLEXCUBE Private Banking — versions 12.0.0, 12.1.0
- Oracle Retail Integration Bus — versions 15.0, 16.0
- Oracle Retail Xstore Point of Service — versions 7.1, 15.0, 16.0
- Oracle WebLogic Server — version 12.2.1.3.0
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2018-10237?
- CVE-2018-10237 is a medium-severity vulnerability in Google Guava, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 5.9/10. Published 2018-04-26.
- How severe is CVE-2018-10237?
- Medium severity. CVSS v3 base score is 5.9 out of 10.
- Is CVE-2018-10237 known to be exploited?
- 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.