Fluid Attacks Database

Description

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	java-1.6.0-openjdk	<1:1.6.0.34-1.13.6.1.el5_11	1:1.6.0.34-1.13.6.1.el5_11
rpm rhel7	java-1.6.0-openjdk	<1:1.6.0.34-1.13.6.1.el7_0	1:1.6.0.34-1.13.6.1.el7_0
rpm rhel6	java-1.6.0-openjdk	<1:1.6.0.34-1.13.6.1.el6_6	1:1.6.0.34-1.13.6.1.el6_6
rpm rhel6	java-1.8.0-openjdk	<1:1.8.0.31-1.b13.el6_6	1:1.8.0.31-1.b13.el6_6
rpm rhel5	java-1.7.0-openjdk	<1:1.7.0.75-2.5.4.0.el5_11	1:1.7.0.75-2.5.4.0.el5_11
rpm rhel6	java-1.7.0-openjdk	<1:1.7.0.75-2.5.4.0.el6_6	1:1.7.0.75-2.5.4.0.el6_6
rpm rhel7	java-1.7.0-openjdk	<1:1.7.0.75-2.5.4.2.el7_0	1:1.7.0.75-2.5.4.2.el7_0

Aliases

1. CVE-2015-04102. NVD-2015-04103. OSV-2015-0410

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.