Vulnerability DatabaseCVE-2024-21210

CVE-2024-21210:
Amazon Corretto JDK vulnerability analysis and mitigation

Overview

A vulnerability in Oracle Java SE (component: Hotspot) affects multiple versions including Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. This vulnerability (CVE-2024-21210) was disclosed in October 2024 and allows unauthenticated attackers with network access to compromise Oracle Java SE through multiple protocols (Oracle Advisory).

Technical details

The vulnerability is characterized by an array indexing integer overflow issue (reference #8328544). It has been assigned a CVSS 3.1 Base Score of 3.7 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. The scoring indicates that while the vulnerability is network-accessible, it requires high attack complexity and can only result in low impact to integrity (Oracle Advisory).

Impact

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. The vulnerability can be exploited through APIs in the specified Component, such as through web services which supply data to the APIs (NVD).

Mitigation and workarounds

Oracle has released patches for the affected versions as part of its Critical Patch Update. The fix is available for Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Users are strongly recommended to apply these security patches without delay to address the vulnerability (Oracle Advisory).

Additional resources

Source: This report was generated using AI

3.7

Score

Published October 15, 2024

Severity LOW

CNA Score 3.7

Affected Technologies

Amazon Corretto JDK
OpenJDK JRE

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 16.6

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

java-23-amazon-corretto
java-1.8.0-openjdk-accessibility

Sources

NVD
AlmaLinux Security Advisory
- AlmaLinux 8 Severity MEDIUMHas FixAdded at: Oct 20, 2024
- AlmaLinux 9 Severity MEDIUMHas FixAdded at: Oct 20, 2024
Alpine Security Tracker
- Alpine 3.19, 3.20, edge Severity LOWHas FixAdded at: Oct 27, 2024
- Alpine 3.21 Severity LOWHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity LOWHas FixAdded at: Jun 01, 2025
Chainguard
- Chainguard Has FixAdded at: Nov 11, 2024
Debian Security Tracker
- Debian 11, 12, 13 Severity LOWHas FixAdded at: Oct 17, 2024
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Dec 08, 2024
Photon Security Advisory
- Photon 4.0 Severity LOWHas FixAdded at: Jan 26, 2025
- Photon 5.0 Severity LOWHas FixAdded at: Feb 05, 2025
Red Hat Errata
- Red Hat 6 Severity MEDIUMNo FixAdded at: Oct 17, 2024
- Red Hat 7 Severity MEDIUMHas FixAdded at: Oct 17, 2024
- Red Hat 8 Severity MEDIUMHas FixAdded at: Oct 17, 2024
- Red Hat 9 Severity MEDIUMHas FixAdded at: Oct 17, 2024
- Red Hat 10 Severity MEDIUMNo FixAdded at: May 22, 2025
Rocky Linux Product Errata
- Rocky 8 Severity MEDIUMHas FixAdded at: Nov 05, 2024
- Rocky 9 Severity MEDIUMHas FixAdded at: Jan 13, 2025
Ubuntu Security Tracker
- Ubuntu 16.04 Severity LOWHas FixAdded at: Nov 05, 2024
- Ubuntu 18.04, 20.04, 22.04, 24.04 Severity LOWHas FixAdded at: Oct 27, 2024
- Ubuntu 24.10 Severity LOWHas FixAdded at: Dec 10, 2024
- Ubuntu 25.04 Severity LOWHas FixAdded at: May 08, 2025
Wolfi
- Wolfi Has FixAdded at: Nov 11, 2024