A flaw was found in the what the BeanContextSupport class in the Serialization component of OpenJDK handled exceptions during deserialization. A specially-crafted input could cause a Java application to use an excessive amount of resources when deserialized.
Public now via Oracle CPU January 2020: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA Fixed in Oracle Java SE 13.0.2, 11.0.6, 8u241, and 7u251.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0128
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0122
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0157
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0196
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0202
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0231
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0232 https://access.redhat.com/errata/RHSA-2020:0232
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0465 https://access.redhat.com/errata/RHSA-2020:0465
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:0467 https://access.redhat.com/errata/RHSA-2020:0467
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:0469 https://access.redhat.com/errata/RHSA-2020:0469
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:0468 https://access.redhat.com/errata/RHSA-2020:0468
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:0470 https://access.redhat.com/errata/RHSA-2020:0470
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0541 https://access.redhat.com/errata/RHSA-2020:0541
OpenJDK-7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a2adfda15140 OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/b76e1348c535 OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/8310eda6b74b
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0632 https://access.redhat.com/errata/RHSA-2020:0632
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2583
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2020:0856 https://access.redhat.com/errata/RHSA-2020:0856