CVE-2021-35578 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the security-libs/javax.net.ssl component. An easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise OpenJDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of OpenJDK. Note : This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.

Group	Package	Affected	Fixed	Severity	Status
AVG-2479	jdk8-openjdk, jre8-openjdk-headless	8.u292-1	8.332.u04-1	Medium	Fixed
AVG-2478	jdk11-openjdk, jre11-openjdk-headless	11.0.12.u7-1	11.0.13.u8-1	Medium	Fixed
AVG-2477	jdk-openjdk, jre-openjdk-headless	17.u35-1	17.0.1.u12-1	Medium	Fixed

References
https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19 https://www.oracle.com/security-alerts/cpuoct2021verbose.html#JAVA