CVE-2021-35578

Severity: Medium
Remote: Yes
Type: Denial of service
Description
A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the security-libs/javax.net.ssl component. An easily exploitable vulnerability allows an unauthenticated attacker with network access via TLS to compromise OpenJDK. Successful attacks of this vulnerability can result in the unauthorized ability to cause a partial denial of service (partial DOS) of OpenJDK.

Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2479 | jdk8-openjdk, jre8-openjdk-headless | 8.u292-1 | | Medium | Vulnerable | |
| AVG-2478 | jdk11-openjdk, jre11-openjdk-headless | 11.0.12.u7-1 | 11.0.13.u8-1 | Medium | Fixed | |
| AVG-2477 | jdk-openjdk, jre-openjdk-headless | 17.u35-1 | 17.0.1.u12-1 | Medium | Fixed | |
References
https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19
https://www.oracle.com/security-alerts/cpuoct2021verbose.html#JAVA