Oracle Big Data Spatial and Graph Big Data Graph denial of service

A vulnerability was found in Oracle Big Data Spatial and Graph (Big Data Software) (unknown version) and classified as critical. This issue affects an unknown function of the component Big Data Graph. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field07/20/2022 08:15 AM08/06/2022 03:38 PM08/06/2022 03:43 PM
vendorOracleOracleOracle
nameBig Data Spatial and GraphBig Data Spatial and GraphBig Data Spatial and Graph
cveCVE-2021-42340CVE-2021-42340CVE-2021-42340
componentBig Data GraphBig Data GraphBig Data Graph
risk222
cwe404 (denial of service)404 (denial of service)404 (denial of service)
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aHHH
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
urlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
identifierOracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
nameUpgradeUpgradeUpgrade
typeBig Data SoftwareBig Data SoftwareBig Data Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiCCC
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore7.87.87.8
cvss2_vuldb_tempscore6.86.86.8
cvss3_vuldb_basescore7.57.57.5
cvss3_vuldb_tempscore7.27.27.2
cvss3_meta_basescore7.57.57.5
cvss3_meta_tempscore7.27.27.3
price_0day$5k-$25k$5k-$25k$5k-$25k
cve_assigned1634076000 (10/13/2021)1634076000 (10/13/2021)
cve_nvd_summaryThe fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiN
cvss2_nvd_aiP
cvss2_nvd_basescore5.0
cvss3_nvd_basescore7.5

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!