2278674 – (CVE-2024-21098) CVE-2024-21098 graalvm: unauthorized ability to cause a partial denial of service

Bug 2278674 (CVE-2024-21098) - CVE-2024-21098 graalvm: unauthorized ability to cause a partial denial of service

Summary: CVE-2024-21098 graalvm: unauthorized ability to cause a partial denial of ser...

Keywords:
Status:	NEW
Alias:	CVE-2024-21098
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2277977
TreeView+	depends on / blocked

Reported:	2024-05-02 16:34 UTC by Patrick Del Bello
Modified:	2024-06-25 07:07 UTC (History)
CC List:	29 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in GraalVM and Mandrel (Community Edition). Successful attacks of this vulnerability can result in the unauthorized ability to cause a partial denial of service (partial DOS).
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2024:4080	None	None	None	2024-06-25 06:26:05 UTC
Red Hat Product Errata	RHBA-2024:4082	None	None	None	2024-06-25 07:07:53 UTC
Red Hat Product Errata	RHSA-2024:4079	None	None	None	2024-06-25 06:23:50 UTC
Red Hat Product Errata	RHSA-2024:4081	None	None	None	2024-06-25 07:06:05 UTC

Description Patrick Del Bello 2024-05-02 16:34:59 UTC

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Comment 9 errata-xmlrpc 2024-06-25 06:23:48 UTC

This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.8 on RHEL 8

Via RHSA-2024:4079 https://access.redhat.com/errata/RHSA-2024:4079

Comment 10 errata-xmlrpc 2024-06-25 07:06:03 UTC

This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.2 on RHEL 8

Via RHSA-2024:4081 https://access.redhat.com/errata/RHSA-2024:4081

Note You need to log in before you can comment on or make changes to this bug.

adinn
anstephe
avibelli
bgeorges
chazlett
clement.escoffier
dandread
dkreling
fzakkak
galder.zamarreno
gsmet
hamadhan
jmartisk
jwon
lthon
max.andersen
mbabacek
mosmerov
olubyans
pgallagh
pjindal
probinso
rruss
rsvoboda
sausingh
sbiarozk
sdouglas
sgehwolf
tqvarnst