---

CVE-2017-10108 - log back

CVE-2017-10108 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ It was discovered that the implementation of the BasicAttribute class in OpenJDK did not limit the amount of memory allocated when creating object instance from a serialized form. A specially-crafted serialized input stream could cause JVM to consume an excessive amount of memory.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/936085d9aff0
Notes