First published: Fri Oct 15 2021(Updated: )
A flaw was found in the way the RTFReader class implementation in the Swing component of OpenJDK handled style keyword parameters. A specially crafted Rich Text Format (RTF) file could cause a Java application using RTFReader to allocate an excessive ammount of memory and possibly terminate on out-of-memory condition.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9 | 1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9 |
redhat/java | <11-openjdk-1:11.0.13.0.8-1.el7_9 | 11-openjdk-1:11.0.13.0.8-1.el7_9 |
redhat/java | <1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7 |
redhat/java | <1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7 |
redhat/java | <11-openjdk-1:11.0.13.0.8-1.el8_4 | 11-openjdk-1:11.0.13.0.8-1.el8_4 |
redhat/java | <1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4 | 1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4 |
redhat/java | <17-openjdk-1:17.0.1.0.12-2.el8_5 | 17-openjdk-1:17.0.1.0.12-2.el8_5 |
redhat/java | <1.8.0-ibm-1:1.8.0.7.0-1.el8_5 | 1.8.0-ibm-1:1.8.0.7.0-1.el8_5 |
redhat/java | <1.8.0-openjdk-1:1.8.0.312.b07-1.el8_1 | 1.8.0-openjdk-1:1.8.0.312.b07-1.el8_1 |
redhat/java | <11-openjdk-1:11.0.13.0.8-1.el8_1 | 11-openjdk-1:11.0.13.0.8-1.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.312.b07-1.el8_2 | 1.8.0-openjdk-1:1.8.0.312.b07-1.el8_2 |
redhat/java | <11-openjdk-1:11.0.13.0.8-1.el8_2 | 11-openjdk-1:11.0.13.0.8-1.el8_2 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.8+7-1~deb12u1 17.0.9+9-1 | |
debian/openjdk-8 | 8u382-ga-2 | |
Oracle GraalVM | =20.3.3 | |
Oracle GraalVM | =21.2.0 | |
Oracle OpenJDK | =7-update311 | |
Oracle OpenJDK | =8-update301 | |
Oracle OpenJDK | =11.0.12 | |
Oracle OpenJDK | =17 | |
Netapp Active Iq Unified Manager Vmware Vsphere | ||
Netapp Active Iq Unified Manager Windows | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.50.2 | |
Netapp E-series Santricity Storage Manager | ||
Netapp E-series Santricity Web Services Web Services Proxy | ||
Netapp Hci Management Node | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
Netapp Santricity Unified Manager | ||
Netapp Snapmanager Oracle | ||
Netapp Snapmanager Sap | ||
Netapp Solidfire | ||
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
IBM QRadar SIEM | <=7.5.0 GA | |
IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2021-35559 is an unspecified vulnerability in Java SE related to the Swing component.
CVE-2021-35559 has a severity level of 5.3 (Medium).
Java SE versions 7u311, 8u301, 11.0.12, and 17; Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0 are affected.
To fix CVE-2021-35559, update to the following versions: Java SE 7u311, 8u301, 11.0.12, or 17; Oracle GraalVM Enterprise Edition 20.3.3 or 21.2.0.
Additional information about CVE-2021-35559 can be found in the references provided: Oracle Security Alerts (CPUOct2021) and Red Hat Security Advisories (RHSA-2021:3886, RHSA-2021:3884).