<p>Upgrade <code>Oracle:7</code> <code>java-11-openjdk-headless</code> to version 1:11.0.20.0.8-1.0.1.el7_9 or higher.<br>This issue was patched in <code>ELSA-2023-4233</code>.</p>

Allocation of Resources Without Limits or Throttling Affecting java-11-openjdk-headless package, versions <1:11.0.20.0.8-1.0.1.el7_9

Threat Intelligence

0.19% (57^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-ORACLE7-JAVA11OPENJDKHEADLESS-5802277
published 22 Jul 2023
disclosed 4 Feb 2023

Report a new vulnerability Found a mistake?

Introduced: 4 Feb 2023

CVE-2023-25193 Open this link in a new tab CWE-770 Open this link in a new tab

How to fix?

Upgrade Oracle:7 java-11-openjdk-headless to version 1:11.0.20.0.8-1.0.1.el7_9 or higher.
This issue was patched in ELSA-2023-4233.

NVD Description

Note: Versions mentioned in the description apply only to the upstream java-11-openjdk-headless package and not the java-11-openjdk-headless package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

References

CVSS Scores

version 3.1

Allocation of Resources Without Limits or Throttling Affecting java-11-openjdk-headless package, versions <1:11.0.20.0.8-1.0.1.el7_9

Severity

Based on Oracle Linux security rating