{"id":"USN-7124-1","summary":"openjdk-23 vulnerabilities","details":"Andy Boothe discovered that the Networking component of OpenJDK 23 did not\nproperly handle access under certain circumstances. An unauthenticated\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2024-21208)\n\nIt was discovered that the Hotspot component of OpenJDK 23 did not properly\nhandle vectorization under certain circumstances. An unauthenticated\nattacker could possibly use this issue to access unauthorized resources\nand expose sensitive information. (CVE-2024-21210, CVE-2024-21235)\n\nIt was discovered that the Serialization component of OpenJDK 23 did not\nproperly handle deserialization under certain circumstances. An \nunauthenticated attacker could possibly use this issue to cause a denial\nof service. (CVE-2024-21217)\n","modified":"2026-01-30T00:40:19.804982Z","published":"2024-11-24T23:09:55.837219Z","related":["CVE-2024-21208","CVE-2024-21210","CVE-2024-21217","CVE-2024-21235","UBUNTU-CVE-2024-21208","UBUNTU-CVE-2024-21210","UBUNTU-CVE-2024-21217","UBUNTU-CVE-2024-21235"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7124-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21208"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21210"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21217"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-21235"}],"affected":[{"package":{"name":"openjdk-23","ecosystem":"Ubuntu:24.10","purl":"pkg:deb/ubuntu/openjdk-23@23.0.1+11-1ubuntu1~24.10.1?arch=source&distro=oracular"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.0.1+11-1ubuntu1~24.10.1"}]}],"versions":["23~20ea-1","23~28ea-1ubuntu1","23~33ea-1","23~34ea-1","23~36ea-1","23~37ea-1","23+37-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-dbg"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-demo"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-doc"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-jdk"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-jdk-headless"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-jre"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-jre-headless"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-jre-zero"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-source"},{"binary_version":"23.0.1+11-1ubuntu1~24.10.1","binary_name":"openjdk-23-testsupport"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7124-1.json"}}],"schema_version":"1.7.3"}