NVD Vulnerability Detail

CVE-2024-21208

Summary	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Publication Date	Oct. 16, 2024, 5:15 a.m.
Registration Date	Oct. 16, 2024, noon
Last Update	Oct. 31, 2024, 10:35 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.oracle.com/security-alerts/cpuoct2024.html

Common Vulnerabilities List

JVN Vulnerability Information

Oracle Java SE および Oracle GraalVM for JDK、Oracle GraalVM Enterprise Edition における Networking に関する脆弱性

Title	Oracle Java SE および Oracle GraalVM for JDK、Oracle GraalVM Enterprise Edition における Networking に関する脆弱性
Summary	Oracle Java SE および Oracle GraalVM for JDK、Oracle GraalVM Enterprise Edition には、Networking に関する処理に不備があるため、可用性に影響のある脆弱性が存在します。
Possible impacts	リモートの攻撃者により、サービス運用妨害 (DoS) 攻撃が行われる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 15, 2024, midnight
Registration Date	June 30, 2025, 11:23 a.m.
Last Update	June 30, 2025, 11:23 a.m.

Affected System

オラクル

JDK 11.0.24

JDK 17.0.12

JDK 21.0.4

JDK 23

JDK 8 Update 421

JDK 8 Update 421-perf

JRE 11.0.24

JRE 17.0.12

JRE 21.0.4

JRE 23

JRE 8 Update 421

JRE 8 Update 421-perf

Oracle GraalVM Enterprise Edition 20.3.15

Oracle GraalVM Enterprise Edition 21.3.11

Oracle GraalVM for JDK 17.0.12

Oracle GraalVM for JDK 21.0.4

Oracle GraalVM for JDK 23

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-21208	https://www.cve.org/CVERecord?id=CVE-2024-21208
National Vulnerability Database (NVD)
2	CVE-2024-21208	https://nvd.nist.gov/vuln/detail/CVE-2024-21208

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-203	https://cwe.mitre.org/data/definitions/203.html

ベンダー情報

No	Name	URL
Oracle Critical Patch Update
1	Oracle Critical Patch Update Advisory - October 2024	https://www.oracle.com/security-alerts/cpuoct2024.html
2	Text Form of Oracle Critical Patch Update - October 2024 Risk Matrices	https://www.oracle.com/security-alerts/cpuoct2024verbose.html
富士通セキュリティ情報
3	Oracle Corporation Javaプラグインの脆弱性に関するお知らせ	https://www.fmworld.net/biz/common/oracle/20241017.html

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	Oracle Java の脆弱性対策について(2024年10月)	https://www.ipa.go.jp/security/security-alert/2024/1016-jre.html

Change Log

No	Changed Details	Date of change
1	[2025年06月30日] 掲載	June 30, 2025, 11:23 a.m.