PT-2021-7851
Tristen Hayfield · Published 2021-10-19 · Updated 2026-05-08
CVE-2021-35565
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Java SE versions 7u311, 8u301, 11.0.12
Oracle GraalVM Enterprise Edition versions 20.3.3, 21.2.0
Description
The issue lies in the JSSE component and involves a loop whose exit condition can never be reached. A remote, unauthenticated attacker can trigger it over the network to cause a denial of service. The vulnerability is reachable by supplying data to APIs in the specified component without involving untrusted Java Web Start applications or untrusted Java applets, for example through a web service. A successful attack results in a partial denial of service (availability impact only) in Java SE and Oracle GraalVM Enterprise Edition.
Recommendations
For Java SE versions 7u311, 8u301, 11.0.12, update to a version that includes the fix for this issue.
For Oracle GraalVM Enterprise Edition versions 20.3.3, 21.2.0, update to a version that includes the fix for this issue.
As a temporary workaround, restrict network access to endpoints that pass untrusted input into the JSSE component, to minimize the risk of exploitation.
Avoid exposing the JSSE component through the affected API endpoints until the fix has been applied.
Tags: Fix, Infinite Loop, RCE
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
IBM AIX
Java Platform
Java SE
Linux Mint
Oracle GraalVM Enterprise Edition
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu