It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) It was discovered that OpenJDK 17 incorrectly performed reverse DNS query under certain circumstances in the Networking/HTTP client component. An attacker could possibly use this issue to obtain sensitive information. (CVE-2024-21012) Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 17 incorrectly handled address offset calculations in the C1 compiler. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-21068) It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C2 compiler. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-21094)
Continue reading...
Continue reading...