usn-6661-1
Vulnerability from osv_ubuntu
Published
2024-02-27 02:04
Modified
2026-04-27 14:11
Summary
openjdk-17 vulnerabilities
Details

Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918)

It was discovered that the Hotspot component of OpenJDK 17 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2024-20919)

It was discovered that the Hotspot component of OpenJDK 17 had an optimization flaw when generating range check loop predicates. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)

Yakov Shafranovich discovered that OpenJDK 17 incorrectly handled ZIP archives that have file and directory entries with the same name. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2024-20932)

It was discovered that OpenJDK 17 could produce debug logs that contained private keys used for digital signatures. An attacker could possibly use this issue to obtain sensitive information. (CVE-2024-20945)

Hubert Kario discovered that the TLS implementation in OpenJDK 17 had a timing side-channel and incorrectly handled RSA padding. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-20952)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2024-20918",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20919",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20921",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20932",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20945",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20952",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "openjdk-17-demo",
            "binary_version": "17.0.10+7-1~18.04.1"
          },
          {
            "binary_name": "openjdk-17-jdk",
            "binary_version": "17.0.10+7-1~18.04.1"
          },
          {
            "binary_name": "openjdk-17-jdk-headless",
            "binary_version": "17.0.10+7-1~18.04.1"
          },
          {
            "binary_name": "openjdk-17-jre",
            "binary_version": "17.0.10+7-1~18.04.1"
          },
          {
            "binary_name": "openjdk-17-jre-headless",
            "binary_version": "17.0.10+7-1~18.04.1"
          },
          {
            "binary_name": "openjdk-17-jre-zero",
            "binary_version": "17.0.10+7-1~18.04.1"
          },
          {
            "binary_name": "openjdk-17-source",
            "binary_version": "17.0.10+7-1~18.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "openjdk-17",
        "purl": "pkg:deb/ubuntu/openjdk-17@17.0.10+7-1~18.04.1?arch=source\u0026distro=esm-apps/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.0.10+7-1~18.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "17+35-1~18.04",
        "17.0.1+12-1~18.04",
        "17.0.2+8-1~18.04",
        "17.0.3+7-0ubuntu0.18.04.1",
        "17.0.4+8-1~18.04",
        "17.0.5+8-2ubuntu1~18.04",
        "17.0.6+10-0ubuntu1~18.04.1",
        "17.0.7+7~us1-0ubuntu1~18.04",
        "17.0.8+7-1~18.04",
        "17.0.8.1+1~us1-0ubuntu1~18.04",
        "17.0.9+9-1~18.04"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2024-20918",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20919",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20921",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20932",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20945",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20952",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "openjdk-17-demo",
            "binary_version": "17.0.10+7-1~20.04.1"
          },
          {
            "binary_name": "openjdk-17-jdk",
            "binary_version": "17.0.10+7-1~20.04.1"
          },
          {
            "binary_name": "openjdk-17-jdk-headless",
            "binary_version": "17.0.10+7-1~20.04.1"
          },
          {
            "binary_name": "openjdk-17-jre",
            "binary_version": "17.0.10+7-1~20.04.1"
          },
          {
            "binary_name": "openjdk-17-jre-headless",
            "binary_version": "17.0.10+7-1~20.04.1"
          },
          {
            "binary_name": "openjdk-17-jre-zero",
            "binary_version": "17.0.10+7-1~20.04.1"
          },
          {
            "binary_name": "openjdk-17-source",
            "binary_version": "17.0.10+7-1~20.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "openjdk-17",
        "purl": "pkg:deb/ubuntu/openjdk-17@17.0.10+7-1~20.04.1?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.0.10+7-1~20.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "17+35-1~20.04",
        "17.0.1+12-1~20.04",
        "17.0.2+8-1~20.04",
        "17.0.3+7-0ubuntu0.20.04.1",
        "17.0.4+8-1~20.04",
        "17.0.5+8-2ubuntu1~20.04",
        "17.0.6+10-0ubuntu1~20.04.1",
        "17.0.7+7~us1-0ubuntu1~20.04",
        "17.0.8+7-1~20.04.2",
        "17.0.8.1+1~us1-0ubuntu1~20.04",
        "17.0.9+9-1~20.04"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2024-20918",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20919",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20921",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20932",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20945",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-20952",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "openjdk-17-demo",
            "binary_version": "17.0.10+7-1~22.04.1"
          },
          {
            "binary_name": "openjdk-17-jdk",
            "binary_version": "17.0.10+7-1~22.04.1"
          },
          {
            "binary_name": "openjdk-17-jdk-headless",
            "binary_version": "17.0.10+7-1~22.04.1"
          },
          {
            "binary_name": "openjdk-17-jre",
            "binary_version": "17.0.10+7-1~22.04.1"
          },
          {
            "binary_name": "openjdk-17-jre-headless",
            "binary_version": "17.0.10+7-1~22.04.1"
          },
          {
            "binary_name": "openjdk-17-jre-zero",
            "binary_version": "17.0.10+7-1~22.04.1"
          },
          {
            "binary_name": "openjdk-17-source",
            "binary_version": "17.0.10+7-1~22.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "openjdk-17",
        "purl": "pkg:deb/ubuntu/openjdk-17@17.0.10+7-1~22.04.1?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.0.10+7-1~22.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "17+35-1",
        "17.0.1+12-1",
        "17.0.2+8-1",
        "17.0.3+7-0ubuntu0.22.04.1",
        "17.0.4+8-1~22.04",
        "17.0.5+8-2ubuntu1~22.04",
        "17.0.6+10-0ubuntu1~22.04",
        "17.0.7+7~us1-0ubuntu1~22.04.2",
        "17.0.8+7-1~22.04",
        "17.0.8.1+1~us1-0ubuntu1~22.04",
        "17.0.9+9-1~22.04"
      ]
    }
  ],
  "aliases": [],
  "details": "Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly\nhandled array accesses in the C1 compiler. An attacker could possibly\nuse this issue to cause a denial of service, execute arbitrary code or\nbypass Java sandbox restrictions. (CVE-2024-20918)\n\nIt was discovered that the Hotspot component of OpenJDK 17 did not\nproperly verify bytecode in certain situations. An attacker could\npossibly use this issue to bypass Java sandbox restrictions.\n(CVE-2024-20919)\n\nIt was discovered that the Hotspot component of OpenJDK 17 had an\noptimization flaw when generating range check loop predicates. An attacker\ncould possibly use this issue to cause a denial of service, execute\narbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)\n\nYakov Shafranovich discovered that OpenJDK 17 incorrectly handled ZIP\narchives that have file and directory entries with the same name. An\nattacker could possibly use this issue to bypass Java sandbox\nrestrictions. (CVE-2024-20932)\n\nIt was discovered that OpenJDK 17 could produce debug logs that contained\nprivate keys used for digital signatures. An attacker could possibly use\nthis issue to obtain sensitive information. (CVE-2024-20945)\n\nHubert Kario discovered that the TLS implementation in OpenJDK 17 had a\ntiming side-channel and incorrectly handled RSA padding. A remote attacker\ncould possibly use this issue to recover sensitive information.\n(CVE-2024-20952)\n",
  "id": "USN-6661-1",
  "modified": "2026-04-27T14:11:32Z",
  "published": "2024-02-27T02:04:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-6661-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-20918"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-20919"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-20921"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-20932"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-20945"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-20952"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "openjdk-17 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2024-20918",
    "UBUNTU-CVE-2024-20919",
    "UBUNTU-CVE-2024-20921",
    "UBUNTU-CVE-2024-20932",
    "UBUNTU-CVE-2024-20945",
    "UBUNTU-CVE-2024-20952"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…