{"id":"USN-6932-1","summary":"openjdk-21 vulnerabilities","details":"It was discovered that the Hotspot component of OpenJDK 21 was not properly\nbounding certain UTF-8 strings, which could lead to a buffer overflow. An\nattacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2024-21131)\n\nIt was discovered that the Hotspot component of OpenJDK 21 could be made to\nrun into an infinite loop. If an automated system were tricked into\nprocessing excessively large symbols, an attacker could possibly use this\nissue to cause a denial of service. (CVE-2024-21138)\n\nIt was discovered that the Hotspot component of OpenJDK 21 did not \nproperly perform range check elimination. An attacker could possibly use \nthis issue to cause a denial of service, execute arbitrary code or bypass\nJava sandbox restrictions. (CVE-2024-21140)\n\nSergey Bylokhov discovered that OpenJDK 21 did not properly manage memory\nwhen handling 2D images. An attacker could possibly use this issue to\nobtain sensitive information. (CVE-2024-21145)\n\nIt was discovered that the Hotspot component of OpenJDK 21 incorrectly\nhandled memory when performing range check elimination under certain\ncircumstances. An attacker could possibly use this issue to cause a \ndenial of service, execute arbitrary code or bypass Java sandbox \nrestrictions. (CVE-2024-21147)\n","modified":"2026-04-24T09:51:52.083926Z","published":"2024-07-31T05:07:36Z","related":["UBUNTU-CVE-2024-21131","UBUNTU-CVE-2024-21138","UBUNTU-CVE-2024-21140","UBUNTU-CVE-2024-21145","UBUNTU-CVE-2024-21147"],"upstream":["CVE-2024-21131","CVE-2024-21138","CVE-2024-21140","CVE-2024-21145","CVE-2024-21147","UBUNTU-CVE-2024-21131","UBUNTU-CVE-2024-21138","UBUNTU-CVE-2024-21140","UBUNTU-CVE-2024-21145","UBUNTU-CVE-2024-21147"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6932-1"}],"affected":[{"package":{"name":"openjdk-21","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/openjdk-21@21.0.4+7-1ubuntu2~20.04?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.0.4+7-1ubuntu2~20.04"}]}],"versions":["21.0.1+12-2~20.04.1","21.0.2+13-1~20.04.1","21.0.3+9-1ubuntu1~20.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"21.0.4+7-1ubuntu2~20.04","binary_name":"openjdk-21-demo"},{"binary_version":"21.0.4+7-1ubuntu2~20.04","binary_name":"openjdk-21-jdk"},{"binary_version":"21.0.4+7-1ubuntu2~20.04","binary_name":"openjdk-21-jdk-headless"},{"binary_version":"21.0.4+7-1ubuntu2~20.04","binary_name":"openjdk-21-jre"},{"binary_version":"21.0.4+7-1ubuntu2~20.04","binary_name":"openjdk-21-jre-headless"},{"binary_version":"21.0.4+7-1ubuntu2~20.04","binary_name":"openjdk-21-jre-zero"},{"binary_version":"21.0.4+7-1ubuntu2~20.04","binary_name":"openjdk-21-source"},{"binary_version":"21.0.4+7-1ubuntu2~20.04","binary_name":"openjdk-21-testsupport"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6932-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[]}}},{"package":{"name":"openjdk-21","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/openjdk-21@21.0.4+7-1ubuntu2~22.04?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.0.4+7-1ubuntu2~22.04"}]}],"versions":["21.0.1+12-2~22.04","21.0.2+13-1~22.04.1","21.0.3+9-1ubuntu1~22.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"21.0.4+7-1ubuntu2~22.04","binary_name":"openjdk-21-demo"},{"binary_version":"21.0.4+7-1ubuntu2~22.04","binary_name":"openjdk-21-jdk"},{"binary_version":"21.0.4+7-1ubuntu2~22.04","binary_name":"openjdk-21-jdk-headless"},{"binary_version":"21.0.4+7-1ubuntu2~22.04","binary_name":"openjdk-21-jre"},{"binary_version":"21.0.4+7-1ubuntu2~22.04","binary_name":"openjdk-21-jre-headless"},{"binary_version":"21.0.4+7-1ubuntu2~22.04","binary_name":"openjdk-21-jre-zero"},{"binary_version":"21.0.4+7-1ubuntu2~22.04","binary_name":"openjdk-21-source"},{"binary_version":"21.0.4+7-1ubuntu2~22.04","binary_name":"openjdk-21-testsupport"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6932-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]}}},{"package":{"name":"openjdk-21","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/openjdk-21@21.0.4+7-1ubuntu2~24.04?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.0.4+7-1ubuntu2~24.04"}]}],"versions":["21+35-1","21.0.1+12-2","21.0.1+12-3","21.0.2+13-1","21.0.2+13-2","21.0.3~7ea-1","21.0.3~7ea-1build1","21.0.3~7ea-1build2","21.0.3+9-1","21.0.3+9-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"21.0.4+7-1ubuntu2~24.04","binary_name":"openjdk-21-demo"},{"binary_version":"21.0.4+7-1ubuntu2~24.04","binary_name":"openjdk-21-jdk"},{"binary_version":"21.0.4+7-1ubuntu2~24.04","binary_name":"openjdk-21-jdk-headless"},{"binary_version":"21.0.4+7-1ubuntu2~24.04","binary_name":"openjdk-21-jre"},{"binary_version":"21.0.4+7-1ubuntu2~24.04","binary_name":"openjdk-21-jre-headless"},{"binary_version":"21.0.4+7-1ubuntu2~24.04","binary_name":"openjdk-21-jre-zero"},{"binary_version":"21.0.4+7-1ubuntu2~24.04","binary_name":"openjdk-21-source"},{"binary_version":"21.0.4+7-1ubuntu2~24.04","binary_name":"openjdk-21-testsupport"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6932-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[]}}}],"schema_version":"1.7.5"}