java-17-amazon-corretto vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the java-17-amazon-corretto package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Uncontrolled Memory Allocation

<1:17.0.13+11-1.amzn2.1
  • M
Improper Handling of Length Parameter Inconsistency

<1:17.0.13+11-1.amzn2.1
  • M
Signed to Unsigned Conversion Error

<1:17.0.13+11-1.amzn2.1
  • M
Integer Overflow or Wraparound

<1:17.0.13+11-1.amzn2.1
  • H
Out-of-bounds Read

<1:17.0.12+7-1.amzn2.1
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<1:17.0.12+7-1.amzn2.1
  • H
CVE-2024-21147

<1:17.0.12+7-1.amzn2.1
  • H
CVE-2024-21131

<1:17.0.12+7-1.amzn2.1
  • H
CVE-2024-21140

<1:17.0.12+7-1.amzn2.1
  • L
Integer Overflow or Wraparound

<1:17.0.11+9-1.amzn2.1
  • L
Out-of-bounds Write

<1:17.0.11+9-1.amzn2.1
  • L
Reliance on Reverse DNS Resolution for a Security-Critical Action

<1:17.0.11+9-1.amzn2.1
  • L
Improper Output Neutralization for Logs

<1:17.0.11+9-1.amzn2.1
  • H
Information Exposure Through Log Files

<1:17.0.10+7-1.amzn2.1
  • H
CVE-2024-20925

<1:17.0.10+7-1.amzn2.1
  • H
CVE-2024-20923

<1:17.0.10+7-1.amzn2.1
  • H
Improper Input Validation

<1:17.0.10+7-1.amzn2.1
  • H
Improper Input Validation

<1:17.0.10+7-1.amzn2.1
  • H
Covert Timing Channel

<1:17.0.10+7-1.amzn2.1
  • H
Improper Input Validation

<1:17.0.10+7-1.amzn2.1
  • H
CVE-2024-20922

<1:17.0.10+7-1.amzn2.1
  • H
Integer Overflow or Wraparound

<1:17.0.10+7-1.amzn2.1
  • M
Out-of-Bounds

<1:17.0.9+8-1.amzn2.1
  • M
Improper Certificate Validation

<1:17.0.9+8-1.amzn2.1
  • M
Allocation of Resources Without Limits or Throttling

<1:17.0.8+7-1.amzn2.1
  • M
Out-of-bounds Read

<1:17.0.8+7-1.amzn2.1
  • M
Small Space of Random Values

<1:17.0.8+7-1.amzn2.1
  • M
Out-of-bounds Read

<1:17.0.8+7-1.amzn2.1
  • M
Directory Traversal

<1:17.0.8+7-1.amzn2.1
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<1:17.0.8+7-1.amzn2.1
  • M
CVE-2023-22043

<1:17.0.8+7-1.amzn2.1
  • M
Directory Traversal

<1:17.0.8+7-1.amzn2.1
  • H
Improper Neutralization of Null Byte or NUL Character

<1:17.0.7+7-1.amzn2.1
  • H
Improper Neutralization of Null Byte or NUL Character

<1:17.0.7+7-1.amzn2.1
  • H
Improper Input Validation

<1:17.0.7+7-1.amzn2.1
  • H
Improper Input Validation

<1:17.0.7+7-1.amzn2.1
  • H
Improperly Implemented Security Check for Standard

<1:17.0.7+7-1.amzn2.1
  • H
Improper Enforcement of Message Integrity During Transmission in a Communication Channel

<1:17.0.7+7-1.amzn2.1
  • H
Information Exposure

<1:17.0.7+7-1.amzn2.1
  • M
Reliance on File Name or Extension of Externally-Supplied File

<1:17.0.6+10-1.amzn2.1
  • M
Deserialization of Untrusted Data

<1:17.0.6+10-1.amzn2.1
  • M
Resource Exhaustion

<1:17.0.6+10-1.amzn2.1
  • M
Allocation of Resources Without Limits or Throttling

<1:17.0.5+8-1.amzn2.1
  • M
Resource Exhaustion

<1:17.0.5+8-1.amzn2.1
  • M
Buffer Overflow

<1:17.0.5+8-1.amzn2.1
  • M
Integer Coercion Error

<1:17.0.5+8-1.amzn2.1
  • M
Authentication Bypass

<1:17.0.5+8-1.amzn2.1
  • M
Use of Insufficiently Random Values

<1:17.0.5+8-1.amzn2.1
  • H
Integer Coercion Error

<1:17.0.4+8-1.amzn2.1
  • H
Inconsistency Between Implementation and Documented Design

<1:17.0.4+8-1.amzn2.1
  • H
Improper Access Control

<1:17.0.4+8-1.amzn2.1
  • H
Resource Leak

<1:17.0.4+8-1.amzn2.1
  • H
Improper Use of Validation Framework

<1:17.0.3+6-1.amzn2.1
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<1:17.0.3+6-1.amzn2.1
  • H
Resource Exhaustion

<1:17.0.3+6-1.amzn2.1
  • H
Improper Verification of Cryptographic Signature

<1:17.0.3+6-1.amzn2.1
  • H
Integer Underflow

<1:17.0.3+6-1.amzn2.1
  • M
Allocation of Resources Without Limits or Throttling

<1:17.0.2+8-1.amzn2.1
  • M
Integer Overflow or Wraparound

<1:17.0.2+8-1.amzn2.1
  • M
Integer Overflow or Wraparound

<1:17.0.2+8-1.amzn2.1
  • M
Improper Authorization

<1:17.0.2+8-1.amzn2.1
  • M
Allocation of Resources Without Limits or Throttling

<1:17.0.2+8-1.amzn2.1
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<1:17.0.2+8-1.amzn2.1
  • M
Improper Use of Validation Framework

<1:17.0.2+8-1.amzn2.1
  • M
Out-of-bounds Write

<1:17.0.2+8-1.amzn2.1
  • M
Allocation of Resources Without Limits or Throttling

<1:17.0.2+8-1.amzn2.1
  • M
Uncaught Exception

<1:17.0.2+8-1.amzn2.1
  • M
Allocation of Resources Without Limits or Throttling

<1:17.0.2+8-1.amzn2.1
  • M
Deserialization of Untrusted Data

<1:17.0.2+8-1.amzn2.1
  • M
Allocation of Resources Without Limits or Throttling

<1:17.0.2+8-1.amzn2.1
  • M
Improper Use of Validation Framework

<1:17.0.2+8-1.amzn2.1
  • M
Improper Cross-boundary Removal of Sensitive Data

<1:17.0.2+8-1.amzn2.1
  • C
Deserialization of Untrusted Data

<1:17.0.1+12-3.amzn2.1
  • C
Deserialization of Untrusted Data

<1:17.0.1+12-3.amzn2.1