CVE-2021-35565 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	A security issue has been found in OpenJDK before versions 7u321, 8u312 and 11.0.13 in the core-libs/java.net component. An easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise OpenJDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of OpenJDK. Note : This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.

Group	Package	Affected	Fixed	Severity	Status
AVG-2480	jdk7-openjdk, jre7-openjdk-headless	7.u261_2.6.22-1		Medium	Unknown
AVG-2479	jdk8-openjdk, jre8-openjdk-headless	8.u292-1	8.332.u04-1	Medium	Fixed
AVG-2478	jdk11-openjdk, jre11-openjdk-headless	11.0.12.u7-1	11.0.13.u8-1	Medium	Fixed

References
https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19 https://www.oracle.com/security-alerts/cpuoct2021verbose.html#JAVA