VDB
CVE-2018-10237
CVE-2018-10237
PUBLISHED
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
EPSS 3.26% · 87.4th percentile
Risk Scores
EPSS Score
3.26%
87.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | guava-libraries | 0, 18.0-4ubuntu1, 19.0-1 |
| Ubuntu:20.04:LTS | guava-libraries | 19.0-1, 0 |
| Ubuntu:18.04:LTS | guava-libraries | 0, 19.0-1 |
| Ubuntu:14.04:LTS | guava-libraries | 15.0-2ubuntu1, 0, 14.0.1-1 |
Exploit Intelligence
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- ScanOssFunTest.kt (github-poc)
- ScanOssFunTest.kt (github-poc)
- ScanOssFunTest.kt (github-poc)
…and 25 more exploits
Timeline
- Apr 26, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-10237 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-10237 third-party-advisory