{"id":"USN-7099-1","summary":"openjdk-21 vulnerabilities","details":"Andy Boothe discovered that the Networking component of OpenJDK 21 did not\nproperly handle access under certain circumstances. An unauthenticated\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2024-21208)\n\nIt was discovered that the Hotspot component of OpenJDK 21 did not properly\nhandle vectorization under certain circumstances. An unauthenticated\nattacker could possibly use this issue to access unauthorized resources\nand expose sensitive information. (CVE-2024-21210, CVE-2024-21235)\n\nIt was discovered that the Serialization component of OpenJDK 21 did not\nproperly handle deserialization under certain circumstances. An \nunauthenticated attacker could possibly use this issue to cause a denial\nof service. (CVE-2024-21217)\n","modified":"2026-04-27T17:09:43.022358Z","published":"2024-11-10T23:54:46Z","related":["UBUNTU-CVE-2024-21208","UBUNTU-CVE-2024-21210","UBUNTU-CVE-2024-21217","UBUNTU-CVE-2024-21235"],"upstream":["CVE-2024-21208","CVE-2024-21210","CVE-2024-21217","CVE-2024-21235","UBUNTU-CVE-2024-21208","UBUNTU-CVE-2024-21210","UBUNTU-CVE-2024-21217","UBUNTU-CVE-2024-21235"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7099-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21208"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21210"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21217"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21235"}],"affected":[{"package":{"name":"openjdk-21","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/openjdk-21@21.0.5+11-1ubuntu1~20.04?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.0.5+11-1ubuntu1~20.04"}]}],"versions":["21.0.1+12-2~20.04.1","21.0.2+13-1~20.04.1","21.0.3+9-1ubuntu1~20.04.1","21.0.4+7-1ubuntu2~20.04"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"21.0.5+11-1ubuntu1~20.04","binary_name":"openjdk-21-demo"},{"binary_version":"21.0.5+11-1ubuntu1~20.04","binary_name":"openjdk-21-jdk"},{"binary_version":"21.0.5+11-1ubuntu1~20.04","binary_name":"openjdk-21-jdk-headless"},{"binary_version":"21.0.5+11-1ubuntu1~20.04","binary_name":"openjdk-21-jre"},{"binary_version":"21.0.5+11-1ubuntu1~20.04","binary_name":"openjdk-21-jre-headless"},{"binary_version":"21.0.5+11-1ubuntu1~20.04","binary_name":"openjdk-21-jre-zero"},{"binary_version":"21.0.5+11-1ubuntu1~20.04","binary_name":"openjdk-21-source"},{"binary_version":"21.0.5+11-1ubuntu1~20.04","binary_name":"openjdk-21-testsupport"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21208"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21210"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21217"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-21235"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7099-1.json"}},{"package":{"name":"openjdk-21","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/openjdk-21@21.0.5+11-1ubuntu1~22.04?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.0.5+11-1ubuntu1~22.04"}]}],"versions":["21.0.1+12-2~22.04","21.0.2+13-1~22.04.1","21.0.3+9-1ubuntu1~22.04.1","21.0.4+7-1ubuntu2~22.04"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"21.0.5+11-1ubuntu1~22.04","binary_name":"openjdk-21-demo"},{"binary_version":"21.0.5+11-1ubuntu1~22.04","binary_name":"openjdk-21-jdk"},{"binary_version":"21.0.5+11-1ubuntu1~22.04","binary_name":"openjdk-21-jdk-headless"},{"binary_version":"21.0.5+11-1ubuntu1~22.04","binary_name":"openjdk-21-jre"},{"binary_version":"21.0.5+11-1ubuntu1~22.04","binary_name":"openjdk-21-jre-headless"},{"binary_version":"21.0.5+11-1ubuntu1~22.04","binary_name":"openjdk-21-jre-zero"},{"binary_version":"21.0.5+11-1ubuntu1~22.04","binary_name":"openjdk-21-source"},{"binary_version":"21.0.5+11-1ubuntu1~22.04","binary_name":"openjdk-21-testsupport"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21208"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21210"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21217"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-21235"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7099-1.json"}},{"package":{"name":"openjdk-21","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/openjdk-21@21.0.5+11-1ubuntu1~24.04?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.0.5+11-1ubuntu1~24.04"}]}],"versions":["21+35-1","21.0.1+12-2","21.0.1+12-3","21.0.2+13-1","21.0.2+13-2","21.0.3~7ea-1","21.0.3~7ea-1build1","21.0.3~7ea-1build2","21.0.3+9-1","21.0.3+9-1ubuntu1","21.0.4+7-1ubuntu2~24.04"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"21.0.5+11-1ubuntu1~24.04","binary_name":"openjdk-21-demo"},{"binary_version":"21.0.5+11-1ubuntu1~24.04","binary_name":"openjdk-21-jdk"},{"binary_version":"21.0.5+11-1ubuntu1~24.04","binary_name":"openjdk-21-jdk-headless"},{"binary_version":"21.0.5+11-1ubuntu1~24.04","binary_name":"openjdk-21-jre"},{"binary_version":"21.0.5+11-1ubuntu1~24.04","binary_name":"openjdk-21-jre-headless"},{"binary_version":"21.0.5+11-1ubuntu1~24.04","binary_name":"openjdk-21-jre-zero"},{"binary_version":"21.0.5+11-1ubuntu1~24.04","binary_name":"openjdk-21-source"},{"binary_version":"21.0.5+11-1ubuntu1~24.04","binary_name":"openjdk-21-testsupport"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21208"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21210"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-21217"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-21235"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7099-1.json"}}],"schema_version":"1.7.5"}