Candidate: CVE-2019-10648
PublicDate: 2019-03-30 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10648
 https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd#diff-0296a8f9d4a509789f4dc4f052d9c36f
 https://sourceforge.net/p/robocode/bugs/406/
Description:
 Robocode through 1.9.3.5 allows remote attackers to cause external service
 interaction (DNS), as demonstrated by a query for a unique subdomain name
 within an attacker-controlled DNS zone, because of a .openStream call
 within java.net.URL.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926088
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_robocode:
upstream_robocode: needs-triage
precise/esm_robocode: DNE
trusty_robocode: ignored (reached end-of-life)
trusty/esm_robocode: DNE (trusty was needs-triage)
xenial_robocode: ignored (end of standard support, was needed)
bionic_robocode: needed
cosmic_robocode: ignored (reached end-of-life)
disco_robocode: released (1.9.3.3-2)
eoan_robocode: not-affected (1.9.3.3-2)
focal_robocode: not-affected (1.9.3.3-2)
groovy_robocode: not-affected (1.9.3.3-2)
hirsute_robocode: not-affected (1.9.3.3-2)
impish_robocode: not-affected (1.9.3.3-2)
jammy_robocode: not-affected (1.9.3.3-2)
devel_robocode: not-affected (1.9.3.3-2)