CVE-2011-0311 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-0311 PUBLISHED CVSS 3.5 LOW

The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.

EPSS 0.79% · 73.7th percentile

Risk Scores

CVSS v2.0

3.5

EPSS Score

0.79%

73.7th percentile

Affected Products

Vendor	Product	Versions
ibm	java	1.4.2.13.7, 0, 1.4.2
ibm	runtimes_for_java_technology	5.0.12.3, 6.0.0, 6.0.1.0
n/a	n/a	n/a

Timeline

Sep 2, 2011 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

SUSE-SU-2011:0823 vendor-advisory
IZ89602 vendor-advisory
RHSA-2011:1159 vendor-advisory
ibm-rjt-classfile-dos(65189) vdb
IZ89620 vendor-advisory
PM42551 vendor-advisory
SUSE-SA:2011:024 vendor-advisory
RHSA-2011:1265 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2011-0311 advisory

Open in Interactive Console →