{"id":"CVE-2024-20952","details":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).","modified":"2026-04-02T09:58:28.928575Z","published":"2024-01-16T22:15:42.477Z","related":["ALSA-2024:0248","ALSA-2024:0249","ALSA-2024:0265","ALSA-2024:0266","ALSA-2024:0267","CGA-23m8-4vxj-x8cg","MGASA-2024-0056","MGASA-2024-0061","SUSE-SU-2024:0203-1","SUSE-SU-2024:0321-1","SUSE-SU-2024:0325-1","SUSE-SU-2024:0479-1","SUSE-SU-2024:0605-1","SUSE-SU-2024:0619-1","SUSE-SU-2024:0804-1","SUSE-SU-2024:0847-1","openSUSE-SU-2024:13587-1","openSUSE-SU-2024:13594-1","openSUSE-SU-2024:13602-1","openSUSE-SU-2024:13654-1","openSUSE-SU-2025:0066-1","openSUSE-SU-2025:0067-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240201-0002/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241108-0002/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2024.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/graalvm/graalvm-ce-builds","events":[{"introduced":"0"},{"fixed":"5f0c2ee78ad738f96c63762c8464184ee63047ee"},{"introduced":"0"},{"last_affected":"b3447b939624c3756d8d2e0540628dd30880c8b6"},{"introduced":"0"},{"last_affected":"b3447b939624c3756d8d2e0540628dd30880c8b6"},{"introduced":"0"},{"last_affected":"b3447b939624c3756d8d2e0540628dd30880c8b6"},{"introduced":"0"},{"last_affected":"b3447b939624c3756d8d2e0540628dd30880c8b6"},{"introduced":"0"},{"last_affected":"b3447b939624c3756d8d2e0540628dd30880c8b6"},{"introduced":"0"},{"last_affected":"b3447b939624c3756d8d2e0540628dd30880c8b6"}],"database_specific":{"versions":[{"introduced":"21"},{"fixed":"21.0.2"},{"introduced":"0"},{"last_affected":"17.0.9"},{"introduced":"0"},{"last_affected":"21.0.1"},{"introduced":"0"},{"last_affected":"17.0.9"},{"introduced":"0"},{"last_affected":"21.0.1"},{"introduced":"0"},{"last_affected":"17.0.9"},{"introduced":"0"},{"last_affected":"21.0.1"}]}},{"type":"GIT","repo":"https://github.com/openjdk/jdk15u","events":[{"introduced":"0"},{"last_affected":"6412341d454eee8a151cf89b51cabfb7b3d87140"},{"introduced":"0"},{"last_affected":"e9a2e84e45e1120aa306a01dfb087200f6a7f903"},{"introduced":"0"},{"last_affected":"7c18f827d7f096cbeb96b086a8516754f0c70221"},{"introduced":"0"},{"last_affected":"27cab0e0c87f124277c7afeb5dd6a8750443804e"},{"introduced":"0"},{"last_affected":"d38a1f186d640dede9fccb727ec98db3a413f9d8"},{"introduced":"0"},{"last_affected":"0d3829a2c5a70961ffc539865adc1442c1a30bb1"},{"introduced":"0"},{"last_affected":"69efabad3d8a2ff47a62a4626c574a56edec1cfd"},{"introduced":"0"},{"last_affected":"ed6697aa20e3f9c17a496a544b10bfe3543de38f"},{"introduced":"0"},{"last_affected":"880e09412543af479bc335faeda6196489a2a045"},{"introduced":"0"},{"last_affected":"7517b9d19367e1f057e5450d7871135b5f878d02"},{"introduced":"0"},{"last_affected":"bd04d75035a888d5034c5f7e2e0508d1d28d14af"},{"introduced":"0"},{"last_affected":"34063e3656db6d0cadb9168f37024e6e66fc2372"},{"introduced":"0"},{"last_affected":"e7d87b234c444e39369e8575284f785c56113324"},{"introduced":"0"},{"last_affected":"81ecd2932e0caee8ed01955fccc9e958c6a5cda3"},{"introduced":"0"},{"last_affected":"e7187d14db3748428c4a312203549f7ee31d4471"},{"introduced":"0"},{"last_affected":"8261ee6da3c5843806c20808cc4206c73bb0efac"},{"introduced":"0"},{"last_affected":"1c11f83e9262d3bf07b9d095a7b1d3659f1f2a9e"},{"introduced":"0"},{"last_affected":"75c48b0d1b36d9361a412ee2db2f51b7d9b6ef1c"},{"introduced":"0"},{"last_affected":"7ba83041b1d65545833655293d0976dfd1ffdea8"},{"introduced":"0"},{"last_affected":"82d185e64838992b019c90133d508d479d5ced0a"},{"introduced":"0"},{"last_affected":"22e500e3a917594cd93baaf8b5c7d29360d250d1"},{"introduced":"0"},{"last_affected":"62007a12b80f381c687f60825b20fe0bbeeb5eaa"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8-update101"},{"introduced":"0"},{"last_affected":"8-update102"},{"introduced":"0"},{"last_affected":"8-update11"},{"introduced":"0"},{"last_affected":"8-update111"},{"introduced":"0"},{"last_affected":"8-update112"},{"introduced":"0"},{"last_affected":"8-update20"},{"introduced":"0"},{"last_affected":"8-update25"},{"introduced":"0"},{"last_affected":"8-update31"},{"introduced":"0"},{"last_affected":"8-update40"},{"introduced":"0"},{"last_affected":"8-update45"},{"introduced":"0"},{"last_affected":"8-update51"},{"introduced":"0"},{"last_affected":"8-update60"},{"introduced":"0"},{"last_affected":"8-update65"},{"introduced":"0"},{"last_affected":"8-update66"},{"introduced":"0"},{"last_affected":"8-update71"},{"introduced":"0"},{"last_affected":"8-update72"},{"introduced":"0"},{"last_affected":"8-update73"},{"introduced":"0"},{"last_affected":"8-update74"},{"introduced":"0"},{"last_affected":"8-update77"},{"introduced":"0"},{"last_affected":"8-update91"},{"introduced":"0"},{"last_affected":"8-update92"},{"introduced":"0"},{"last_affected":"10.0"}]}},{"type":"GIT","repo":"https://github.com/openjdk/jdk8u","events":[{"introduced":"0"},{"last_affected":"772d2a8fc0f3a6ae5dfcb1cbffc40a7999349bc6"},{"introduced":"0"},{"last_affected":"9205c421f33fd1938450d211369d3e2b7aec573d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8-update121"},{"introduced":"0"},{"last_affected":"8-update131"}]}}],"versions":["graal-23.0.0","graal-23.0.1","graal-23.0.2","jdk-17.0.7","jdk-17.0.8","jdk-17.0.9","jdk-20.0.1","jdk-20.0.2","jdk-21.0.0","jdk-21.0.1","jdk7-b100","jdk7-b101","jdk7-b102","jdk7-b103","jdk7-b104","jdk7-b105","jdk7-b106","jdk7-b107","jdk7-b108","jdk7-b109","jdk7-b110","jdk7-b111","jdk7-b112","jdk7-b113","jdk7-b114","jdk7-b115","jdk7-b116","jdk7-b117","jdk7-b118","jdk7-b119","jdk7-b120","jdk7-b121","jdk7-b122","jdk7-b123","jdk7-b124","jdk7-b125","jdk7-b126","jdk7-b127","jdk7-b128","jdk7-b129","jdk7-b130","jdk7-b131","jdk7-b132","jdk7-b133","jdk7-b134","jdk7-b135","jdk7-b136","jdk7-b137","jdk7-b138","jdk7-b139","jdk7-b140","jdk7-b141","jdk7-b142","jdk7-b143","jdk7-b144","jdk7-b145","jdk7-b146","jdk7-b147","jdk7-b24","jdk7-b25","jdk7-b26","jdk7-b27","jdk7-b28","jdk7-b29","jdk7-b30","jdk7-b31","jdk7-b32","jdk7-b33","jdk7-b34","jdk7-b35","jdk7-b36","jdk7-b37","jdk7-b38","jdk7-b39","jdk7-b40","jdk7-b41","jdk7-b42","jdk7-b43","jdk7-b44","jdk7-b45","jdk7-b46","jdk7-b47","jdk7-b48","jdk7-b49","jdk7-b50","jdk7-b51","jdk7-b52","jdk7-b53","jdk7-b54","jdk7-b55","jdk7-b56","jdk7-b57","jdk7-b58","jdk7-b59","jdk7-b60","jdk7-b61","jdk7-b62","jdk7-b63","jdk7-b64","jdk7-b65","jdk7-b66","jdk7-b67","jdk7-b68","jdk7-b69","jdk7-b70","jdk7-b71","jdk7-b72","jdk7-b73","jdk7-b74","jdk7-b75","jdk7-b76","jdk7-b77","jdk7-b78","jdk7-b79","jdk7-b80","jdk7-b81","jdk7-b82","jdk7-b83","jdk7-b84","jdk7-b85","jdk7-b86","jdk7-b87","jdk7-b88","jdk7-b89","jdk7-b90","jdk7-b91","jdk7-b92","jdk7-b93","jdk7-b94","jdk7-b95","jdk7-b96","jdk7-b97","jdk7-b98","jdk7-b99","jdk8-b01","jdk8-b02","jdk8-b03","jdk8-b04","jdk8-b05","jdk8-b06","jdk8-b07","jdk8-b08","jdk8-b09","jdk8-b10","jdk8-b100","jdk8-b101","jdk8-b102","jdk8-b103","jdk8-b104","jdk8-b105","jdk8-b106","jdk8-b107","jdk8-b108","jdk8-b109","jdk8-b11","jdk8-b110","jdk8-b111","jdk8-b112","jdk8-b113","jdk8-b114","jdk8-b115","jdk8-b116","jdk8-b117","jdk8-b118","jdk8-b119","jdk8-b12","jdk8-b120","jdk8-b121","jdk8-b13","jdk8-b14","jdk8-b15","jdk8-b16","jdk8-b17","jdk8-b18","jdk8-b19","jdk8-b20","jdk8-b21","jdk8-b22","jdk8-b23","jdk8-b24","jdk8-b25","jdk8-b26","jdk8-b27","jdk8-b28","jdk8-b29","jdk8-b30","jdk8-b31","jdk8-b32","jdk8-b33","jdk8-b34","jdk8-b35","jdk8-b36","jdk8-b37","jdk8-b38","jdk8-b39","jdk8-b40","jdk8-b41","jdk8-b42","jdk8-b43","jdk8-b44","jdk8-b45","jdk8-b46","jdk8-b47","jdk8-b48","jdk8-b49","jdk8-b50","jdk8-b51","jdk8-b52","jdk8-b53","jdk8-b54","jdk8-b55","jdk8-b56","jdk8-b57","jdk8-b58","jdk8-b59","jdk8-b60","jdk8-b61","jdk8-b62","jdk8-b63","jdk8-b64","jdk8-b65","jdk8-b66","jdk8-b67","jdk8-b68","jdk8-b69","jdk8-b70","jdk8-b71","jdk8-b72","jdk8-b73","jdk8-b74","jdk8-b75","jdk8-b76","jdk8-b77","jdk8-b78","jdk8-b79","jdk8-b80","jdk8-b81","jdk8-b82","jdk8-b83","jdk8-b84","jdk8-b85","jdk8-b86","jdk8-b87","jdk8-b88","jdk8-b89","jdk8-b90","jdk8-b91","jdk8-b92","jdk8-b93","jdk8-b94","jdk8-b95","jdk8-b96","jdk8-b97","jdk8-b98","jdk8-b99","jdk8u5-b01","vm-19.3.0","vm-19.3.0.2","vm-19.3.1","vm-19.3.2","vm-19.3.2-pre","vm-19.3.3","vm-19.3.4","vm-19.3.5","vm-19.3.6","vm-20.0.0","vm-20.0.1","vm-20.1.0","vm-20.2.0","vm-20.3.0","vm-20.3.1","vm-20.3.1.2","vm-20.3.2","vm-20.3.3","vm-20.3.4","vm-20.3.5","vm-20.3.6","vm-21.0.0","vm-21.0.0.2","vm-21.1.0","vm-21.2.0","vm-21.3.0","vm-21.3.1","vm-21.3.2","vm-21.3.3","vm-21.3.3.1","vm-22.0.0.2","vm-22.1.0","vm-22.2.0","vm-22.3.0","vm-22.3.1","vm-22.3.2","vm-22.3.3","vm-ce-21.2.0","vm-ce-22.3.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"11"},{"fixed":"11.0.24"}]},{"events":[{"introduced":"17"},{"fixed":"17.0.10"}]},{"events":[{"introduced":"0"},{"last_affected":"8-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone1"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone2"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone3"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone4"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone5"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone6"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone7"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone8"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone9"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update141"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update151"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update152"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update161"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update162"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update171"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update172"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update181"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update191"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update192"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update201"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update202"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update211"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update212"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update221"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update222"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update231"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update232"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update241"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update242"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update252"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update262"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update271"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update281"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update282"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update291"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update301"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update302"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update312"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update322"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update332"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update342"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update352"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update362"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update372"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update382"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update392"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update402\\-b00"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update402\\-b01"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update402\\-b02"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update402\\-b03"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update402\\-b04"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update402\\-b05"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update5"}]},{"events":[{"introduced":"0"},{"last_affected":"20.3.12"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3.8"}]},{"events":[{"introduced":"0"},{"last_affected":"22.3.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update391"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update391"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.21"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update391"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update391"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.21"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-20952.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}