IBM OpenJDK: AtomicReferenceArray insufficient array type check

Solution Verified - Updated -

Issue

  • In IBM OpenJDK, the AtomicReferenceArray class implementation does not properly check if the array is of an expected object type. A malicious Java application or applet could use this flaw to cause Java Virtual Machine to crash or bypass Java sandbox restrictions.

Environment

  • Red Hat Enterprise Linux (RHEL) 6
  • java-1.6.0-ibm

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In