CVE-2024-21144Improper Validation of Specified Quantity in Input in Corporation Java SE JDK AND JRE

CWE-1284Improper Validation of Specified Quantity in Input11 documents8 sources
Severity
3.7LOWNVD
EPSS
0.0%
top 85.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Oracle Corporation Java SE JDK AND JREOracle GraalvmOracle JDK+1 more
Timeline
PublishedJul 16
Latest updateNov 11

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauth

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

NVDoracle/graalvm20.3.14, 21.3.10+1
NVDoracle/jdk1.8.0, 11.0.23+1
NVDoracle/jre1.8.0, 11.0.23+1

🔴Vulnerability Details

3
GHSA
GHSA-w7m5-fr55-qch7: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency)2024-07-17
CVEList
CVE-2024-21144: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency)2024-07-16
OSV
CVE-2024-21144: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency)2024-07-16

📋Vendor Advisories

7
Ubuntu
OpenJDK 11 vulnerabilities2024-11-11
Ubuntu
OpenJDK 8 vulnerabilities2024-11-11
Ubuntu
OpenJDK 11 vulnerabilities2024-07-31
Ubuntu
OpenJDK 8 vulnerabilities2024-07-31
Red Hat
OpenJDK: Pack200 increase loading time due to improper header validation (8322106)2024-07-16
CVE-2024-21144 — LOW severity | cvebase