It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) It was discovered that OpenJDK 11 incorrectly performed reverse DNS query under certain circumstances in the Networking/HTTP client component. An attacker could possibly use this issue to obtain sensitive information. (CVE-2024-21012) Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 11 incorrectly handled address offset calculations in the C1 compiler. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-21068) Yakov Shafranovich discovered that OpenJDK 11 did not properly manage memory in the Pack200 archive format. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21085) It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C2 compiler. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-21094)
Continue reading...
Continue reading...