Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU57491
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35556
CWE-ID: CWE-20 - Improper Input Validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Swing component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation
Update openjdk-17 package to version 17.0.1+12-1+deb11u2.
Vulnerable software versions
openjdk-17 (debian package): 17.0.1+12-1+deb11u1
CPE2.3
External links
http://www.debian.org/security/2021/dsa-5012
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU57492
Risk: ..
Support the originator by clicking the read the rest link below.