CVE-2011-0311
IBM Java < 1.4.2.13.8 and Runtimes < 5.0.12.4 - DoS via Crafted Class File
Title source: llmDescription
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.
References (8)
Core 8
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89602
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1159.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65189
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89620
Various Sources vendor-advisory
x_refsource_aixapar
https://www-304.ibm.com/support/docview.wss?uid=isg1PM42551
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1265.html
Scores
EPSS
0.0178
EPSS Percentile
75.7%
Details
CWE
CWE-119
Status
published
Products (29)
ibm/java
1.4.2
ibm/java
1.4.2.13
ibm/java
1.4.2.13.1
ibm/java
1.4.2.13.2
ibm/java
1.4.2.13.3
ibm/java
1.4.2.13.4
ibm/java
1.4.2.13.5
ibm/java
1.4.2.13.6
ibm/java
1.4.2.13.7
ibm/java
< 1.4.2.13.8
... and 19 more
Published
Sep 02, 2011
Tracked Since
Feb 18, 2026