Hide Forgot
A flaw was found in the way the ClassFileParser class implementation in the Hotspot component of OpenJDK performed validation of inner class index values. A specially-crafted class file could cause a Java virtual machine to crash when loaded.
Public now via Oracle CPU October 2021: https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixJAVA Fixed in Oracle Java SE 8u311 and 7u321.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3884 https://access.redhat.com/errata/RHSA-2021:3884
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3885 https://access.redhat.com/errata/RHSA-2021:3885
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3893 https://access.redhat.com/errata/RHSA-2021:3893
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-35588
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3889 https://access.redhat.com/errata/RHSA-2021:3889
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u312 Via RHSA-2021:3960 https://access.redhat.com/errata/RHSA-2021:3960
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u312 Via RHSA-2021:3961 https://access.redhat.com/errata/RHSA-2021:3961
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/78565a54a256