Lucene search

UbuntuUSN-6810-1

HistoryJun 06, 2024 - 12:00 a.m.

OpenJDK 8 vulnerabilities

2024-06-0600:00:00

ubuntu.com

openjdk

ubuntu

hotspot component

denial of service

arbitrary code

cve-2024-21011

cve-2024-21068

cve-2024-21085

cve-2024-21094

pack200

memory management

array accesses

c1 compiler

c2 compiler

unix

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

Releases

Ubuntu 24.04 LTS
Ubuntu 23.10
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM

Packages

openjdk-8 - Open Source Java implementation

Details

It was discovered that the Hotspot component of OpenJDK 8 incorrectly
handled certain exceptions with specially crafted long messages. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21011)

Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 8
incorrectly handled address offset calculations in the C1 compiler. An
attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2024-21068)

Yakov Shafranovich discovered that OpenJDK 8 did not properly manage
memory in the Pack200 archive format. An attacker could possibly use this
issue to cause a denial of service. (CVE-2024-21085)

It was discovered that the Hotspot component of OpenJDK 8 incorrectly
handled array accesses in the C2 compiler. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2024-21094)

OSVersionArchitecturePackageVersionFilename
Ubuntu24.04noarchopenjdk-8-jdk< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu24.04noarchopenjdk-8-dbg< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu24.04noarchopenjdk-8-demo< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu24.04noarchopenjdk-8-doc< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu24.04noarchopenjdk-8-jdk-headless< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu24.04noarchopenjdk-8-jre< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu24.04noarchopenjdk-8-jre-headless< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu24.04noarchopenjdk-8-jre-zero< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu24.04noarchopenjdk-8-source< 8u412-ga-1~24.04.2UNKNOWN
Ubuntu23.10noarchopenjdk-8-jdk< 8u412-ga-1~23.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	24.04	noarch	openjdk-8-jdk	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	24.04	noarch	openjdk-8-dbg	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	24.04	noarch	openjdk-8-demo	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	24.04	noarch	openjdk-8-doc	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	24.04	noarch	openjdk-8-jdk-headless	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	24.04	noarch	openjdk-8-jre	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	24.04	noarch	openjdk-8-jre-headless	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	24.04	noarch	openjdk-8-jre-zero	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	24.04	noarch	openjdk-8-source	< 8u412-ga-1~24.04.2	UNKNOWN
Ubuntu	23.10	noarch	openjdk-8-jdk	< 8u412-ga-1~23.10.1	UNKNOWN