{"id":"USN-3747-1","summary":"openjdk-lts vulnerabilities","details":"It was discovered that OpenJDK did not properly validate types in some\nsituations. An attacker could use this to construct a Java class that could\npossibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826)\n\nIt was discovered that the PatternSyntaxException class in OpenJDK did not\nproperly validate arguments passed to it. An attacker could use this to\npotentially construct a class that caused a denial of service (excessive\nmemory consumption). (CVE-2018-2952)\n\nDaniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode\n(GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker\ncould use this to expose sensitive information. (CVE-2018-2972)\n","modified":"2026-02-10T04:41:23Z","published":"2018-08-21T04:38:54Z","related":["UBUNTU-CVE-2018-2825","UBUNTU-CVE-2018-2826","UBUNTU-CVE-2018-2952","UBUNTU-CVE-2018-2972"],"upstream":["CVE-2018-2825","CVE-2018-2826","CVE-2018-2952","CVE-2018-2972","UBUNTU-CVE-2018-2825","UBUNTU-CVE-2018-2826","UBUNTU-CVE-2018-2952","UBUNTU-CVE-2018-2972"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3747-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-2825"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-2826"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-2952"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-2972"}],"affected":[{"package":{"name":"openjdk-lts","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/openjdk-lts@10.0.2+13-1ubuntu0.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.0.2+13-1ubuntu0.18.04.1"}]}],"versions":["9.0.4+12-2ubuntu4","9.0.4+12-4ubuntu1","10~46-4ubuntu1","10~46-5ubuntu1","10.0.1+10-1ubuntu2","10.0.1+10-3ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"openjdk-11-demo","binary_version":"10.0.2+13-1ubuntu0.18.04.1"},{"binary_name":"openjdk-11-jdk","binary_version":"10.0.2+13-1ubuntu0.18.04.1"},{"binary_name":"openjdk-11-jdk-headless","binary_version":"10.0.2+13-1ubuntu0.18.04.1"},{"binary_name":"openjdk-11-jre","binary_version":"10.0.2+13-1ubuntu0.18.04.1"},{"binary_name":"openjdk-11-jre-headless","binary_version":"10.0.2+13-1ubuntu0.18.04.1"},{"binary_name":"openjdk-11-jre-zero","binary_version":"10.0.2+13-1ubuntu0.18.04.1"},{"binary_name":"openjdk-11-source","binary_version":"10.0.2+13-1ubuntu0.18.04.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-2825"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-2826"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-2952"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-2972"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3747-1.json"}}],"schema_version":"1.7.3"}