CVE-2024-20932: 
Java vulnerability analysis and mitigation

A security vulnerability (CVE-2024-20932) was identified in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products, specifically affecting the Security component. The affected versions include Oracle Java SE 17.0.9, Oracle GraalVM for JDK 17.0.9, and Oracle GraalVM Enterprise Edition versions 21.3.8 and 22.3.4. This vulnerability was disclosed in January 2024 and is related to incorrect handling of ZIP files with duplicate entries (Oracle CPU, NetApp Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability is network-exploitable with low attack complexity, requires no privileges or user interaction, and primarily impacts system integrity (NVD, NetApp Advisory).

Successful exploitation of this vulnerability could allow an unauthenticated attacker with network access via multiple protocols to compromise the affected components. The attack can result in unauthorized creation, deletion, or modification access to critical data or all accessible data within the affected Java SE components (Oracle CPU).

Oracle has released security patches to address this vulnerability in the January 2024 Critical Patch Update. Users are strongly advised to update to the patched versions. For Red Hat systems, updates are available through java-17-openjdk version 17.0.10.0.7-1 (Oracle CPU, Red Hat Advisory).