Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and RiccardoFocardi discovered that the Serialization component of OpenJDK did not properly restrict the amount of memory allocated when deserializingobjects from Java Cryptography Extension KeyStore . An attacker could use this to cause a denial of service .