Allocation of Resources Without Limits or Throttling Affecting openjdk-jre package, versions [,1.7.0_331) [1.8.0,1.8.0_321) [9.0.0,11.0.14) [12.0.0,17.0.2)
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
0.17% (54th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UPSTREAM-OPENJDKJRE-2343486
- published 19 Jan 2022
- disclosed 18 Jan 2022
- credit Markus Loewe
Introduced: 18 Jan 2022
CVE-2022-21294 Open this link in a new tabHow to fix?
Upgrade openjdk-jre to version 7.0.331, 8.0.321, 11.0.14, 17.0.2 or higher.
Overview
openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling the implementation of the IdentityHashMap class doesn't properly validate the value of its size attribute when creating object instances from a serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized.