First published: Mon Jul 15 2024(Updated: )
An out-of-bounds access vulnerability was found in OpenJDK's 2D image handling. Oracle CPU advisory - July 2024: <a href="https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA">https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA</a>
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle GraalVM Enterprise Edition | =20.3.14 | |
Oracle GraalVM Enterprise Edition | =21.3.10 | |
Oracle GraalVM Enterprise Edition | =22.0.1 | |
Oracle GraalVM for JDK | =17.0.11 | |
Oracle GraalVM for JDK | =21.0.3 | |
Oracle GraalVM for JDK | =22.0.1 | |
Oracle JDK 6 | =1.8.0-update411 | |
Oracle JDK 6 | =1.8.0-update411 | |
Oracle JDK 6 | =11.0.23 | |
Oracle JDK 6 | =17.0.11 | |
Oracle JDK 6 | =21.0.3 | |
Oracle JDK 6 | =22.0.1 | |
Oracle Java Runtime Environment (JRE) | =1.8.0-update411 | |
Oracle Java Runtime Environment (JRE) | =1.8.0-update411 | |
Oracle Java Runtime Environment (JRE) | =11.0.23 | |
Oracle Java Runtime Environment (JRE) | =17.0.11 | |
Oracle Java Runtime Environment (JRE) | =21.0.3 | |
Oracle Java Runtime Environment (JRE) | =22.0.1 | |
NetApp BlueXP | ||
NetApp Cloud Insights Storage Workload Security Agent | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.26+4-1~deb11u1 11.0.26+4-1 | |
debian/openjdk-17 | 17.0.12+7-2~deb11u1 17.0.14+7-1~deb11u1 17.0.13+11-2~deb12u1 17.0.14+7-1~deb12u1 17.0.14+7-1 | |
debian/openjdk-21 | 21.0.6+7-1 | |
debian/openjdk-8 | 8u442-ga-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-21145 has been classified as a critical vulnerability due to its out-of-bounds access in OpenJDK's 2D image handling.
To fix CVE-2024-21145, update to the latest patched versions of the affected software listed in the security advisory.
CVE-2024-21145 affects various versions of OpenJDK, Oracle Java, and specific IBM and NetApp products.
Yes, CVE-2024-21145 can potentially be exploited remotely, making it critical to apply the necessary updates.
As of now, there are no known public exploits for CVE-2024-21145, but due to its severity, it is advised to monitor the situation closely.