It was discovered that the WindowsNativeDispatcher.asNativeBuffer() method in the Libraries component of OpenJDK did not check if the length of the input String did not exceed the maximum length that the method could handle correctly. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Public now via Oracle CPU October 2020: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA Fixed in Oracle Java SE 15.0.1, 11.0.9, 8u271, and 7u281.
This issue only affected the versions of OpenJDK running on the Microsoft Windows platform. It did not affect OpenJDK packages as shipped with Red Hat Enterprise Linux.
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/6ba85b2ad181 OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/05922d77fc13
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14798