CVE-2017-10108

Source
Severity Medium
Remote Yes
Type Denial of service
Description
It was discovered that the implementation of the BasicAttribute class in OpenJDK did not limit the amount of memory allocated when creating object instance from a serialized form.  A specially-crafted serialized input stream could cause JVM to consume an excessive amount of memory.
Group Package Affected Fixed Severity Status Ticket
AVG-380 jdk7-openjdk 7.u131_2.6.9-1 7.u151_2.6.11-1 Critical Fixed
Date Advisory Group Package Severity Description
12 Aug 2017 ASA-201708-8 AVG-380 jdk7-openjdk Critical multiple issues
References
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/936085d9aff0