- CVE-2018-3274, CVE-2018-3275: The Graal compiler in Oracle Java SE and Java SE Embedded 7 does not properly handle classloading during compilation of code that uses reflection, which allows remote attackers to execute arbitrary code via a crafted application that uses the Reflection API and is processed by a Graal compiler. User interaction is required to exploit this vulnerability. Successful attacks require that the target be connected to the attacker’s network.
- CVE-2018-3276: The Graal compiler in Oracle Java SE and Java SE Embedded 7 does not properly handle classloading during compilation of code that uses reflection, which allows remote attackers to execute arbitrary code via a crafted application that uses the Reflection API and is processed by a Graal compiler. User interaction is required to exploit this vulnerability. Successful attacks require that the target be connected to the attacker’s network.
- CVE-2018-3277: The Graal compiler in Oracle Java SE and Java SE Embedded 7 does not properly handle classloading during compilation of code that uses reflection, which allows remote attackers to execute arbitrary code via a crafted application that uses the Reflection API and is processed by a Graal compiler. User interaction is required to exploit this vulnerability. Successful attacks require that the target be connected to the attacker’s network.

The version of Oracle Java is affected by multiple vulnerabilities.

The vulnerabilities are in the Graal compiler, which is used by many applications. The Graal compiler can be exploited when it handles classloading. All versions of Oracle Java SE and Java SE Embedded 7 are susceptible to exploitation.

This blog post was created by Bridget G.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References