Oracle Java SE and GraalVM for JDK Compiler Component Denial-of-Service Vulnerability

Vulnerability

A vulnerability has been identified in the Compiler component of Oracle Java SE and Oracle GraalVM for JDK, both at version 24.0.1. It allows an unauthenticated attacker with network access to compromise the affected Java environments. Successful exploitation can lead to a partial denial-of-service condition, disrupting the normal functioning of the Java application. The issue is particularly relevant for Java deployments that execute untrusted code from the internet, such as sandboxed Java Web Start applications or applets, and rely on the Java security sandbox for isolation. In contrast, deployments on servers that only run trusted code are not affected.

Impact

Exploitation of this vulnerability can cause a partial denial-of-service condition, disrupting the normal operation of Oracle Java SE or Oracle GraalVM for JDK.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread:         9.0
impact:         0.6
exploitability: 4.7
remediation:    0.0
relevance:      0.3
threat:         0.0
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.