CVE-2023-21835 — Uncontrolled Resource Consumption in Corporation Java SE JDK AND JRE

CWE-400 — Uncontrolled Resource Consumption9 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 76.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Java SE JDK AND JRE Azul Zulu Oracle Graalvm +2 more

Timeline

PublishedJan 18

Latest updateFeb 28

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to ca…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5oracle_corporation/java_se_jdk_and_jre6 versions+5

▶NVDoracle/graalvm20.3.8, 21.3.4, 22.3.0+2

▶NVDoracle/jdk11.0.17, 17.0.5, 19.0.1+2

▶NVDoracle/jre11.0.17, 17.0.5, 19.0.1+2

▶NVDazul/zulu5 versions+4

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

openjdk-17, openjdk-19, openjdk-lts vulnerabilities↗2023-02-28

▶

OSV

CVE-2023-21835: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)↗2023-01-18

▶

GHSA

GHSA-wqgc-h828-9g98: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)↗2023-01-18

▶

CVEList

CVE-2023-21835: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)↗2023-01-17

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2023-02-28

▶

Red Hat

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)↗2023-01-17

▶

Oracle

Oracle Oracle Java SE Risk Matrix: JSSE — CVE-2023-21835↗2023-01-15

▶

Debian

CVE-2023-21835: openjdk-11 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...↗2023

▶