Certificate chain validation can result in stack overflow under certain circumstances.
This CVE was fixed in Oracle Java SE 8u491, 11.0.31, 17.0.19, 21.0.11, 25.0.3.
https://www.oracle.com/java/technologies/javase/8u491-relnotes.html#R180_491
https://www.oracle.com/java/technologies/javase/11-0-31-relnotes.html#R11_0_31
https://www.oracle.com/java/technologies/javase/17-0-19-relnotes.html#R17_0_19
https://www.oracle.com/java/technologies/javase/21-0-11-relnotes.html
https://www.oracle.com/java/technologies/javase/25-0-3-relnotes.html
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/a36dd3dcd4b3ca4c56fd63411b034ffee7967600
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/06b7777bdd7c6b63738cf562eb7c6fbccc858b52
OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/7d164e1f49be6399ad72fd774d6c552624fe5baf
OpenJDK-21 upstream commit: https://github.com/openjdk/jdk21u/commit/4a8a9f1068b7d519ea6231c1bb0b2b91240330e9
OpenJDK-25 upstream commit: https://github.com/openjdk/jdk25u/commit/59a0ef77994e27ccffe954612c7dc80352a2b503
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2026:22139 https://access.redhat.com/errata/RHSA-2026:22139
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 10.0 Extended Update Support
  Red Hat Enterprise Linux 10
  Red Hat Enterprise Linux 10.2 Extended Update Support
Via RHSA-2026:22328 https://access.redhat.com/errata/RHSA-2026:22328