CVE-2011-0311

IBM Java < 1.4.2.13.8 and Runtimes < 5.0.12.4 - DoS via Crafted Class File

Title source: llm
STIX 2.1

Description

The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.

References (8)

Core 8
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89602
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1159.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65189
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89620
Various Sources vendor-advisory x_refsource_aixapar
https://www-304.ibm.com/support/docview.wss?uid=isg1PM42551
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1265.html

Scores

EPSS 0.0178
EPSS Percentile 75.7%

Details

CWE
CWE-119
Status published
Products (29)
ibm/java 1.4.2
ibm/java 1.4.2.13
ibm/java 1.4.2.13.1
ibm/java 1.4.2.13.2
ibm/java 1.4.2.13.3
ibm/java 1.4.2.13.4
ibm/java 1.4.2.13.5
ibm/java 1.4.2.13.6
ibm/java 1.4.2.13.7
ibm/java < 1.4.2.13.8
... and 19 more
Published Sep 02, 2011
Tracked Since Feb 18, 2026