CVE-2023-39410 in Oracle Business Intelligence Enterprise Editioninfo

Summary

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

Reservation

07/31/2023

Disclosure

10/25/2023

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
251201	Oracle Business Intelligence Enterprise Edition Analytics Server denial of service	404	Not defined	Official fix	CVE-2023-39410
251175	Oracle Middleware Common Libraries and Tools Third Party denial of service	404	Not defined	Official fix	CVE-2023-39410
251169	Oracle Business Process Management Suite BPM Composer denial of service	404	Not defined	Official fix	CVE-2023-39410
240945	Apache Avro Java SDK deserialization	502	Not defined	Official fix	CVE-2023-39410

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!