CVE-2020-14579

Name of the Vulnerable Software and Affected Versions Java SE versions 7u261 and 8u251 Java SE Embedded version 8u251

Description The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. It can be exploited by an unauthenticated attacker with network access via multiple protocols, potentially leading to a partial denial of service. This vulnerability can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Java SE versions 7u261 and 8u251, consider disabling the use of the Libraries component until a patch is available. For Java SE Embedded version 8u251, restrict access to the vulnerable component to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable APIs in the specified component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.