low
3.7
CWE
190
Advisory Published
CVE Published
Updated

CVE-2024-21068: Integer Overflow

First published: Sun Apr 14 2024(Updated: )

It was discovered that the C1 compiler in the Hotspot component of OpenJDK did not correctly apply an unsigned integer left shift to calculate the actual address offset under certain conditions. This could lead to an integer overflow and out-of-bounds array access, potentially corrupting the JVM memory.

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected SoftwareAffected VersionHow to fix
Oracle GraalVM Enterprise Edition=21.3.9
Oracle GraalVM for JDK=17.0.10
Oracle GraalVM for JDK=21.0.2
Oracle GraalVM for JDK=22
Oracle JDK 6=1.8.0-update401
Oracle JDK 6=11.0.22
Oracle JDK 6=17.0.10
Oracle JDK 6=21.0.2
Oracle JDK 6=22.0.1
Oracle Java Runtime Environment (JRE)=1.8.0-update401
Oracle Java Runtime Environment (JRE)=11.0.22
Oracle Java Runtime Environment (JRE)=17.0.10
Oracle Java Runtime Environment (JRE)=21.0.2
Oracle Java Runtime Environment (JRE)=22
NetApp Active IQ Unified Manager for VMware vSphere
netapp active iq unified manager windows
NetApp Data Infrastructure Insights Acquisition Unit
NetApp Data Infrastructure Insights Storage Workload Security Agent
NetApp OnCommand Insight
NetApp OnCommand Workflow Automation
Debian GNU/Linux=10.0
debian/openjdk-11
11.0.24+8-2~deb11u1
11.0.26+4-1~deb11u1
11.0.26+4-1
debian/openjdk-17
17.0.12+7-2~deb11u1
17.0.14+7-1~deb11u1
17.0.13+11-2~deb12u1
17.0.14+7-1~deb12u1
17.0.14+7-1
debian/openjdk-21
21.0.6+7-1
debian/openjdk-8
8u442-ga-1

Remedy

https://github.com/openjdk/jdk17u/commit/07873cca21dc961f5f303422340fc0a3c2d68f0d

Remedy

https://github.com/openjdk/jdk21u/commit/517bd93d019ceeae9c10460b709b54581f4f48ed

Remedy

https://github.com/openjdk/jdk8u/commit/97be54783b8e5464dcb9796c1714e8b69c106409

Remedy

https://github.com/openjdk/jdk11u/commit/a57f289f7d581f1b014899db582b17d3c020ddbc

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-21068?

    CVE-2024-21068 is considered a high-severity vulnerability due to the potential for integer overflow and out-of-bounds array access.

  • How do I fix CVE-2024-21068?

    To fix CVE-2024-21068, update affected software to the latest patched versions provided by the vendor.

  • Which software versions are affected by CVE-2024-21068?

    CVE-2024-21068 affects multiple versions of Oracle GraalVM, JDK, and JRE, specifically versions 1.8.0-update401, 11.0.22, 17.0.10, 21.0.2, and 22.0.1.

  • What are the potential risks of CVE-2024-21068?

    The risks associated with CVE-2024-21068 include possible corruption of the JVM memory and unauthorized access due to out-of-bounds errors.

  • Can CVE-2024-21068 impact production environments?

    Yes, CVE-2024-21068 can significantly impact production environments by destabilizing applications that rely on the affected OpenJDK components.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203