oss-sec mailing list archives
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs)
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 12 Sep 2012 09:35:26 +0200
On 09/11/2012 11:37 PM, Steven M. Christey wrote:
> I wonder about the severity of the issue, but given the possibility that applications might access an array before a fill, and applications may depend on there being "empty" elements after initialization, this seems reasonable for a CVE.
My main concern is that untrusted code (in an applet or application server) could use this issue to access private data which was previously stored at the same location.
-- Florian Weimer / Red Hat Product Security Team