java-17-openjdk-headless vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the java-17-openjdk-headless package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Out-of-bounds Read	<1:17.0.12.0.7-2.el8
H CVE-2024-21140	<1:17.0.12.0.7-2.el8
H CVE-2024-21147	<1:17.0.12.0.7-2.el8
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1:17.0.12.0.7-2.el8
H CVE-2024-21131	<1:17.0.12.0.7-2.el8
M Out-of-bounds Write	<1:17.0.11.0.9-2.el8
M Integer Overflow or Wraparound	<1:17.0.11.0.9-2.el8
M Improper Output Neutralization for Logs	<1:17.0.11.0.9-2.el8
M Reliance on Reverse DNS Resolution for a Security-Critical Action	<1:17.0.11.0.9-2.el8
H Improper Input Validation	<1:17.0.10.0.7-2.el8
H Covert Timing Channel	<1:17.0.10.0.7-2.el8
H Integer Overflow or Wraparound	<1:17.0.10.0.7-2.el8
H Improper Input Validation	<1:17.0.10.0.7-2.el8
H Information Exposure Through Log Files	<1:17.0.10.0.7-2.el8
H Improper Input Validation	<1:17.0.10.0.7-2.el8
M Out-of-Bounds	*
M Improper Certificate Validation	<1:17.0.9.0.9-2.el8
M Out-of-Bounds	<1:17.0.9.0.9-2.el8
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:17.0.8.0.7-2.el8
M Small Space of Random Values	<1:17.0.8.0.7-2.el8
M Out-of-bounds Read	<1:17.0.8.0.7-2.el8
M Out-of-bounds Read	<1:17.0.8.0.7-2.el8
M Directory Traversal	<1:17.0.8.0.7-2.el8
M Directory Traversal	<1:17.0.8.0.7-2.el8
H Improper Input Validation	<1:17.0.7.0.7-1.el8_7
H Improperly Implemented Security Check for Standard	<1:17.0.7.0.7-1.el8_7
H Improper Input Validation	<1:17.0.7.0.7-1.el8_7
H Improper Neutralization of Null Byte or NUL Character	<1:17.0.7.0.7-1.el8_7
H Information Exposure	<1:17.0.7.0.7-1.el8_7
H Improper Neutralization of Null Byte or NUL Character	<1:17.0.7.0.7-1.el8_7
H Improper Enforcement of Message Integrity During Transmission in a Communication Channel	<1:17.0.7.0.7-1.el8_7
M Allocation of Resources Without Limits or Throttling	<1:17.0.8.0.7-2.el8
M Resource Exhaustion	<1:17.0.6.0.10-3.el8_7
M Reliance on File Name or Extension of Externally-Supplied File	<1:17.0.6.0.10-3.el8_7
L NULL Pointer Dereference	*
M Authentication Bypass	<1:17.0.5.0.8-2.el8_6
M Allocation of Resources Without Limits or Throttling	<1:17.0.5.0.8-2.el8_6
M Resource Exhaustion	<1:17.0.5.0.8-2.el8_6
M Use of Insufficiently Random Values	<1:17.0.5.0.8-2.el8_6
M Integer Coercion Error	<1:17.0.5.0.8-2.el8_6
M Buffer Overflow	<1:17.0.5.0.8-2.el8_6
H Integer Coercion Error	<1:17.0.4.0.8-2.el8_6
H Inconsistency Between Implementation and Documented Design	<1:17.0.4.0.8-2.el8_6
H Improper Access Control	<1:17.0.4.0.8-2.el8_6
H Resource Leak	<1:17.0.4.0.8-2.el8_6
M Integer Overflow or Wraparound	<1:17.0.5.0.8-2.el8_6
H Improper Verification of Cryptographic Signature	<1:17.0.3.0.6-2.el8_5
H Improper Use of Validation Framework	<1:17.0.3.0.6-2.el8_5
H Incorrect Behavior Order: Early Validation	<1:17.0.3.0.6-2.el8_5
H Integer Underflow	<1:17.0.3.0.6-2.el8_5
H Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<1:17.0.3.0.6-2.el8_5
H Resource Exhaustion	<1:17.0.3.0.6-2.el8_5
M Allocation of Resources Without Limits or Throttling	<1:17.0.2.0.8-4.el8_5
M Integer Overflow or Wraparound	<1:17.0.2.0.8-4.el8_5
M Allocation of Resources Without Limits or Throttling	<1:17.0.2.0.8-4.el8_5
M Improper Use of Validation Framework	<1:17.0.2.0.8-4.el8_5
M Allocation of Resources Without Limits or Throttling	<1:17.0.2.0.8-4.el8_5
M Integer Overflow or Wraparound	<1:17.0.2.0.8-4.el8_5
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:17.0.2.0.8-4.el8_5
M Improper Authorization	<1:17.0.2.0.8-4.el8_5
M Allocation of Resources Without Limits or Throttling	<1:17.0.2.0.8-4.el8_5
M Improper Use of Validation Framework	<1:17.0.2.0.8-4.el8_5
M Out-of-bounds Write	<1:17.0.2.0.8-4.el8_5
M Uncaught Exception	<1:17.0.2.0.8-4.el8_5
M Improper Cross-boundary Removal of Sensitive Data	<1:17.0.2.0.8-4.el8_5
M Allocation of Resources Without Limits or Throttling	<1:17.0.2.0.8-4.el8_5
M Deserialization of Untrusted Data	<1:17.0.2.0.8-4.el8_5
H Information Exposure	<1:17.0.1.0.12-2.el8_5
H NULL Pointer Dereference	<1:17.0.1.0.12-2.el8_5
H Allocation of Resources Without Limits or Throttling	<1:17.0.1.0.12-2.el8_5
H Incorrect Authorization	<1:17.0.1.0.12-2.el8_5
H Improper Input Validation	<1:17.0.1.0.12-2.el8_5
H Allocation of Resources Without Limits or Throttling	<1:17.0.1.0.12-2.el8_5
H Allocation of Resources Without Limits or Throttling	<1:17.0.1.0.12-2.el8_5
H Allocation of Resources Without Limits or Throttling	<1:17.0.1.0.12-2.el8_5

Vulnerability

Vulnerable Version

Out-of-bounds Read

<1:17.0.12.0.7-2.el8

CVE-2024-21140

<1:17.0.12.0.7-2.el8

CVE-2024-21147

<1:17.0.12.0.7-2.el8

Loop with Unreachable Exit Condition ('Infinite Loop')

<1:17.0.12.0.7-2.el8

CVE-2024-21131

<1:17.0.12.0.7-2.el8