CVE-2024-21098

LOW

Oracle GraalVM JDK 17.0.10/21.0.2/22 & Enterprise 20.3.13/21.3.9 - Partial DoS in Compiler

Title source: llm

Description

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.oracle.com/security-alerts/cpuapr2024.html

Scores

CVSS v3 3.7

EPSS 0.0012

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (5)

oracle/graalvm 20.3.13

oracle/graalvm 21.3.9

oracle/graalvm_for_jdk 17.0.10

oracle/graalvm_for_jdk 21.0.2

oracle/graalvm_for_jdk 22

Published Apr 16, 2024

Tracked Since Feb 18, 2026