CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 8 (8u422) for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 (8u412) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)
OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)
OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)
OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)
OpenJDK: Pack200 increase loading time due to improper header validation (8322106) (CVE-2024-21144)
OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.