Certificate chain validation can result in stack overflow under certain circumstances.
This CVE was fixed in Oracle Java SE 8u491, 11.0.31, 17.0.19, 21.0.11, 25.0.3. https://www.oracle.com/java/technologies/javase/8u491-relnotes.html#R180_491 https://www.oracle.com/java/technologies/javase/11-0-31-relnotes.html#R11_0_31 https://www.oracle.com/java/technologies/javase/17-0-19-relnotes.html#R17_0_19 https://www.oracle.com/java/technologies/javase/21-0-11-relnotes.html https://www.oracle.com/java/technologies/javase/25-0-3-relnotes.html
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/a36dd3dcd4b3ca4c56fd63411b034ffee7967600 OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/06b7777bdd7c6b63738cf562eb7c6fbccc858b52 OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/7d164e1f49be6399ad72fd774d6c552624fe5baf OpenJDK-21 upstream commit: https://github.com/openjdk/jdk21u/commit/4a8a9f1068b7d519ea6231c1bb0b2b91240330e9 OpenJDK-25 upstream commit: https://github.com/openjdk/jdk25u/commit/59a0ef77994e27ccffe954612c7dc80352a2b503