Description

It was discovered that the implementation of the CodeSource class in OpenJDK did not limit the amount of memory allocated when creating object instance from a serialized form.  An untrusted Java application or applet could use this flaw to cause JVM to allocate an excessive amount of memory, bypassing certain Java sandbox restrictions.