CVE-2021-35565 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A security issue has been found in OpenJDK before versions 7u321, 8u312 and 11.0.13 in the core-libs/java.net component. An easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise OpenJDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of OpenJDK.

Note : This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
Group Package Affected Fixed Severity Status Ticket
AVG-2480 jdk7-openjdk, jre7-openjdk-headless 7.u261_2.6.22-1 Medium Vulnerable
AVG-2479 jdk8-openjdk, jre8-openjdk-headless 8.u292-1 Medium Vulnerable
AVG-2478 jdk11-openjdk, jre11-openjdk-headless 11.0.12.u7-1 11.0.13.u8-1 Medium Fixed
References
https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19
https://www.oracle.com/security-alerts/cpuoct2021verbose.html#JAVA