Bug 2278674 (CVE-2024-21098) - CVE-2024-21098 graalvm: unauthorized ability to cause a partial denial of service
Summary: CVE-2024-21098 graalvm: unauthorized ability to cause a partial denial of ser...
Keywords:
Status: NEW
Alias: CVE-2024-21098
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2277977
TreeView+ depends on / blocked
 
Reported: 2024-05-02 16:34 UTC by Patrick Del Bello
Modified: 2025-02-06 16:43 UTC (History)
28 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:4080 0 None None None 2024-06-25 06:26:05 UTC
Red Hat Product Errata RHBA-2024:4082 0 None None None 2024-06-25 07:07:53 UTC
Red Hat Product Errata RHSA-2024:4079 0 None None None 2024-06-25 06:23:50 UTC
Red Hat Product Errata RHSA-2024:4081 0 None None None 2024-06-25 07:06:05 UTC
Red Hat Product Errata RHSA-2025:1154 0 None None None 2025-02-06 16:43:04 UTC

Description Patrick Del Bello 2024-05-02 16:34:59 UTC 
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Comment 9 errata-xmlrpc 2024-06-25 06:23:48 UTC 
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.8 on RHEL 8

Via RHSA-2024:4079 https://access.redhat.com/errata/RHSA-2024:4079
Comment 10 errata-xmlrpc 2024-06-25 07:06:03 UTC 
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.2 on RHEL 8

Via RHSA-2024:4081 https://access.redhat.com/errata/RHSA-2024:4081
Comment 12 errata-xmlrpc 2025-02-06 16:43:02 UTC 
This issue has been addressed in the following products:

  RHINT Camel-K 1.10.9

Via RHSA-2025:1154 https://access.redhat.com/errata/RHSA-2025:1154
Note You need to log in before you can comment on or make changes to this bug.