CVE-2024-21145

First published: Mon Jul 15 2024(Updated: )

An out-of-bounds access vulnerability was found in OpenJDK's 2D image handling. Oracle CPU advisory - July 2024: <a href="https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA">https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA</a>

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle GraalVM	=20.3.14
Oracle GraalVM	=21.3.10
Oracle GraalVM	=22.0.1
Oracle GraalVM for JDK	=17.0.11
Oracle GraalVM for JDK	=21.0.3
Oracle GraalVM for JDK	=22.0.1
Oracle Java Jdk	=1.8.0-update411
Oracle Java Jdk	=1.8.0-update411
Oracle Java Jdk	=11.0.23
Oracle Java Jdk	=17.0.11
Oracle Java Jdk	=21.0.3
Oracle Java Jdk	=22.0.1
Oracle Java Jre	=1.8.0-update411
Oracle Java Jre	=1.8.0-update411
Oracle Java Jre	=11.0.23
Oracle Java Jre	=17.0.11
Oracle Java Jre	=21.0.3
Oracle Java Jre	=22.0.1
Netapp Bluexp
Netapp Cloud Insights Storage Workload Security Agent
NetApp OnCommand Insight
NetApp OnCommand Workflow Automation
debian/openjdk-11		11.0.24+8-2~deb11u1 11.0.25+9-1~deb11u1 11.0.25+9-1
debian/openjdk-17		17.0.12+7-2~deb11u1 17.0.13+11-1~deb11u1 17.0.13+11-2~deb12u1 17.0.13+11-2
debian/openjdk-21		21.0.5+11-1
debian/openjdk-8		8u432-b06-2
IBM Sterling Secure Proxy	<=6.0.0.06.0.1.06.0.2.06.0.3.0
IBM Sterling Secure Proxy	<=6.1.0.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7173631

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-21145
agent/severity
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-cve
agent/references
agent/last-modified-date
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/ibm-support
source/IBM
vendor/oracle
canonical/oracle graalvm
version/oracle graalvm/20.3.14
version/oracle graalvm/21.3.10
version/oracle graalvm/22.0.1
canonical/oracle graalvm for jdk
version/oracle graalvm for jdk/17.0.11
version/oracle graalvm for jdk/21.0.3
version/oracle graalvm for jdk/22.0.1
canonical/oracle java jdk
version/oracle java jdk/1.8.0-update411
version/oracle java jdk/11.0.23
version/oracle java jdk/17.0.11
version/oracle java jdk/21.0.3
version/oracle java jdk/22.0.1
canonical/oracle java jre
version/oracle java jre/1.8.0-update411
version/oracle java jre/11.0.23
version/oracle java jre/17.0.11
version/oracle java jre/21.0.3
version/oracle java jre/22.0.1
vendor/netapp
canonical/netapp bluexp
canonical/netapp cloud insights storage workload security agent
canonical/netapp oncommand insight
canonical/netapp oncommand workflow automation
package-manager/debian
vendor/ibm
canonical/ibm sterling secure proxy
version/ibm sterling secure proxy/6.0.0.06.0.1.06.0.2.06.0.3.0
version/ibm sterling secure proxy/6.1.0.0

CVE-2024-21145

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact