REDHAT-BUG-2297962
First published: Mon Jul 15 2024(Updated: )
Excessive symbol length can lead to an infinite loop vulnerability in OpenJDK. Oracle CPU advisory - July 2024: <a href="https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA">https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK 17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2024:4564
- https://access.redhat.com/errata/RHSA-2024:4565
- https://access.redhat.com/errata/RHSA-2024:4569
- https://access.redhat.com/errata/RHSA-2024:4571
- https://access.redhat.com/errata/RHSA-2024:4570
- https://access.redhat.com/errata/RHSA-2024:4572
- https://access.redhat.com/errata/RHSA-2024:4566
- https://access.redhat.com/errata/RHSA-2024:4567
- https://access.redhat.com/errata/RHSA-2024:4573
- https://access.redhat.com/errata/RHSA-2024:4561
- https://access.redhat.com/errata/RHSA-2024:4568
- https://access.redhat.com/errata/RHSA-2024:4563
- https://access.redhat.com/errata/RHSA-2024:4560
- https://access.redhat.com/errata/RHSA-2024:4562
- https://github.com/openjdk/jdk8u/commit/3dd1095e9aac868078aaaa8b6d1da51873545a4e
- https://github.com/openjdk/jdk11u/commit/fcfbef7f66dc31978bcb228dd8a042f9aa190ff7
- https://github.com/openjdk/jdk17u/commit/5676e2157db6b4af859c9d7df61d4ae527b40da0
- https://github.com/openjdk/jdk21u/commit/9862eb38f3e5add6a852870a9e3a4feb9d33f807
- https://bugzilla.redhat.com/show_bug.cgi?id=2297962
Frequently Asked Questions
What is the severity of REDHAT-BUG-2297962?
The severity of REDHAT-BUG-2297962 is considered high due to its potential to cause an infinite loop in OpenJDK.
How do I fix REDHAT-BUG-2297962?
To fix REDHAT-BUG-2297962, update your OpenJDK installation to the latest patched version provided by Oracle.
What versions of OpenJDK are affected by REDHAT-BUG-2297962?
REDHAT-BUG-2297962 affects OpenJDK 17 and possibly other versions that utilize the same underlying code.
What causes the vulnerability identified in REDHAT-BUG-2297962?
The vulnerability in REDHAT-BUG-2297962 is caused by excessive symbol length which can lead to an infinite loop in the parsing process.
Is there any workaround for REDHAT-BUG-2297962?
Currently, no specific workarounds are recommended for REDHAT-BUG-2297962 aside from updating to a patched version.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/description
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-21138
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/openjdk 17