CVE-2019-10648

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10648
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10648.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10648
Published
2019-03-30T13:29:00.657Z
Modified
2025-12-24T04:53:50.579268Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.

Affected packages

Git / github.com/robo-code/robocode

Affected ranges

Type
GIT
Repo
https://github.com/robo-code/robocode
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.9.2.6

Other

VER_1_7_4_3
VER_1_9_2_1
VER_1_9_2_2
VER_1_9_2_3
VER_1_9_2_4
VER_1_9_2_6
VER_1_9_3_2
VER_1_9_3_3
VER_1_9_3_5

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-19c5b73c",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java",
            "function": "getExpectedErrors"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-1d692b6f",
        "signature_type": "Function",
        "digest": {
            "function_hash": "325007845331223946427106772113072304381",
            "length": 63.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-54290f34",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java",
            "function": "onTurnEnded"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-609c20f1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "187166476824599931421708559517652605493",
            "length": 312.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java",
            "function": "runTeardown"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-9310e9b0",
        "signature_type": "Function",
        "digest": {
            "function_hash": "131608375113487988567534318017022234163",
            "length": 102.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.host/src/main/java/net/sf/robocode/host/security/RobocodeSecurityManager.java"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-a5f09b9f",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java",
            "function": "runTeardown"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-c044f418",
        "signature_type": "Function",
        "digest": {
            "function_hash": "307280377479086662750004809773534067435",
            "length": 181.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java",
            "function": "getExpectedErrors"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-d03a812c",
        "signature_type": "Function",
        "digest": {
            "function_hash": "212332922164119727551317486823254868583",
            "length": 63.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java",
            "function": "onTurnEnded"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-d61b6c22",
        "signature_type": "Function",
        "digest": {
            "function_hash": "168749979757091830733621539204162579561",
            "length": 416.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "robocode.host/src/main/java/net/sf/robocode/host/security/RobocodeSecurityManager.java",
            "function": "checkAccess"
        },
        "deprecated": false,
        "source": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd",
        "id": "CVE-2019-10648-ee4e8dc3",
        "signature_type": "Function",
        "digest": {
            "function_hash": "106830282079963368324989369247116010858",
            "length": 648.0
        }
    }
]