{"id":"USN-7669-1","summary":"openjdk-24 vulnerabilities","details":"It was discovered that the 2D component of OpenJDK 24 did not properly\nmanage memory under certain circumstances. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary code.\n(CVE-2025-30749, CVE-2025-50106)\n\nMashroor Hasan Bhuiyan discovered that the JSSE component of OpenJDK\n24 did not properly manage TLS 1.3 handshakes under certain\ncircumstances. An attacker could possibly use this issue to obtain\nsensitive information. (CVE-2025-30754)\n\nMartin van Wingerden and Violeta Georgieva of Broadcom discovered\nthat the Networking component of OpenJDK 24 did not properly\nmanage network connections under certain circumstances. An attacker\ncould possibly use this issue to obtain sensitive information.\n(CVE-2025-50059)","modified":"2026-02-04T03:57:34.954481Z","published":"2025-07-24T12:48:01.239838Z","related":["UBUNTU-CVE-2025-30749","UBUNTU-CVE-2025-30754","UBUNTU-CVE-2025-50059","UBUNTU-CVE-2025-50106"],"upstream":["CVE-2025-30749","CVE-2025-30754","CVE-2025-50059","CVE-2025-50106","UBUNTU-CVE-2025-30749","UBUNTU-CVE-2025-30754","UBUNTU-CVE-2025-50059","UBUNTU-CVE-2025-50106"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7669-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-30749"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-30754"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-50059"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-50106"}],"affected":[{"package":{"name":"openjdk-24","ecosystem":"Ubuntu:25.04","purl":"pkg:deb/ubuntu/openjdk-24@24.0.2+12~us1-0ubuntu1~25.04.1?arch=source&distro=plucky"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.2+12~us1-0ubuntu1~25.04.1"}]}],"versions":["24~16ea-1","24~20ea-1","24~22ea-1","24~30ea-1","24~33ea-1","24~34ea-0ubuntu1","24~36ea-1","24+36-1","24.0.1+9~us1-0ubuntu1~25.04"],"ecosystem_specific":{"binaries":[{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-demo"},{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-jdk"},{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-jdk-headless"},{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-jre"},{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-jre-headless"},{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-jre-zero"},{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-jvmci-jdk"},{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-source"},{"binary_version":"24.0.2+12~us1-0ubuntu1~25.04.1","binary_name":"openjdk-24-testsupport"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.04","cves":[{"id":"CVE-2025-30749","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-30754","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-50059","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-50106","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7669-1.json"}}],"schema_version":"1.7.3"}