What is the severity of USN-7339-1?

The severity of USN-7339-1 is critical, as it could allow unauthenticated attackers to cause a denial of service.

How do I fix USN-7339-1?

To fix USN-7339-1, you should upgrade to the latest version of the vulnerable packages listed in the advisory.

Which packages are affected by USN-7339-1?

The affected packages include openjdk-21-crac-jdk, openjdk-21-crac-jdk-headless, openjdk-21-crac-jre, openjdk-21-crac-jre-headless, and openjdk-21-crac-jre-zero.

What causes the vulnerability in USN-7339-1?

The vulnerability in USN-7339-1 is caused by improper handling of access within the Networking component of CRaC JDK 21.

Who discovered the vulnerability identified in USN-7339-1?

The vulnerability identified in USN-7339-1 was discovered by Andy Boothe.

Vulnerability/
USN-7339-1

11/3/2025

10/5/2025

USN-7339-1: CRaC JDK 21 vulnerabilities

First published: Tue Mar 11 2025(Updated: )

Andy Boothe discovered that the Networking component of CRaC JDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of CRaC JDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235) It was discovered that the Serialization component of CRaC JDK 21 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217) It was discovered that the Hotspot component of CRaC JDK 21 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2025-21502) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2024-10-15 https://openjdk.org/groups/vulnerability/advisories/2025-01-21

Affected Software	Affected Version	How to fix
Oracle Java SE 7

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-7339-1?
The severity of USN-7339-1 is critical, as it could allow unauthenticated attackers to cause a denial of service.
How do I fix USN-7339-1?
To fix USN-7339-1, you should upgrade to the latest version of the vulnerable packages listed in the advisory.
Which packages are affected by USN-7339-1?
The affected packages include openjdk-21-crac-jdk, openjdk-21-crac-jdk-headless, openjdk-21-crac-jre, openjdk-21-crac-jre-headless, and openjdk-21-crac-jre-zero.
What causes the vulnerability in USN-7339-1?
The vulnerability in USN-7339-1 is caused by improper handling of access within the Networking component of CRaC JDK 21.
Who discovered the vulnerability identified in USN-7339-1?
The vulnerability identified in USN-7339-1 was discovered by Andy Boothe.

agent/title
agent/source
agent/last-modified-date
agent/type
agent/description
agent/first-publish-date
agent/event
collector/usn
source/Ubuntu
agent/references
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
vendor/oracle
canonical/oracle java se 7