Bug 1891135 (CVE-2020-14798) - CVE-2020-14798 OpenJDK: Missing maximum length check in WindowsNativeDispatcher.asNativeBuffer() (Libraries, 8242695)
Summary: CVE-2020-14798 OpenJDK: Missing maximum length check in WindowsNativeDispatch...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2020-14798
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1876666
TreeView+ depends on / blocked
 
Reported: 2020-10-23 20:54 UTC by Tomas Hoger
Modified: 2020-12-07 21:08 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-24 02:21:14 UTC


Attachments (Terms of Use)

Description Tomas Hoger 2020-10-23 20:54:11 UTC
It was discovered that the WindowsNativeDispatcher.asNativeBuffer() method in the Libraries component of OpenJDK did not check if the length of the input String did not exceed the maximum length that the method could handle correctly.  An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.

Comment 1 Tomas Hoger 2020-10-23 20:55:17 UTC
Public now via Oracle CPU October 2020:

https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA

Fixed in Oracle Java SE 15.0.1, 11.0.9, 8u271, and 7u281.

Comment 2 Tomas Hoger 2020-10-23 20:56:51 UTC
This issue only affected the versions of OpenJDK running on the Microsoft Windows platform.  It did not affect OpenJDK packages as shipped with Red Hat Enterprise Linux.

Comment 3 Tomas Hoger 2020-10-23 21:12:33 UTC
OpenJDK-11 upstream commit:
http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/6ba85b2ad181

OpenJDK-8 upstream commit:
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/05922d77fc13

Comment 4 Product Security DevOps Team 2020-10-24 02:21:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-14798


Note You need to log in before you can comment on or make changes to this bug.