CVE-2017-10108 - log back

CVE-2017-10108 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ It was discovered that the implementation of the BasicAttribute class in OpenJDK did not limit the amount of memory allocated when creating object instance from a serialized form. A specially-crafted serialized input stream could cause JVM to consume an excessive amount of memory.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/936085d9aff0
Notes