---

CVE-2017-10111 - log back

CVE-2017-10111 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ It was discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the permuteArgumentsForm() function. An untrusted Java application or applet could use this flaw to corrupt JVM memory and cause it to crash or, possibly, execute arbitrary code, bypassing Java sandbox restrictions. The problem is triggered when using MethodHandle.permuteArguments().
References	+ http://hg.openjdk.java.net/jdk9/dev/jdk/rev/9003926e4a8a
Notes