Oracle Java SE and GraalVM Libraries Denial-of-Service Vulnerability

Vulnerability

A vulnerability has been identified in the Libraries component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, and 26; Oracle GraalVM for JDK 17.0.18 and 21.0.10; and Oracle GraalVM Enterprise Edition 21.3.17. The vulnerability is difficult to exploit, but it allows an unauthenticated attacker with network access via multiple protocols to compromise the affected Java environments. Successful exploitation can lead to a partial denial-of-service, causing some disruption to the application's availability. The vulnerability can be triggered through APIs in the Libraries component, for example by a web service that supplies data to those APIs. It also affects Java deployments that run untrusted code from the internet in a sandboxed environment and rely on the Java sandbox for security.

Impact

Exploitation of this vulnerability can cause a partial denial-of-service, disrupting the availability of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition.

Added: Apr 21, 2026, 11:23 PM
Updated: Apr 21, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.7
remediation: 0.0
relevance: 6.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.