CVE-2019-2977

Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.4 and 13

Description The issue is caused by a buffer overflow in the Hotspot component of Oracle Java SE, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service of Java SE. This issue applies to Java deployments that load and run untrusted code, relying on the Java sandbox for security, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets.

Recommendations For Java SE version 11.0.4, update to a version that includes the fix for this issue. For Java SE version 13, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to untrusted code in sandboxed environments until a patch is available.