CVE-2021-35565

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-35565
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-35565.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-35565
Downstream
Related
Published
2021-10-20T11:16:37Z
Modified
2025-09-19T13:04:11.003439Z
Summary
[none]
Details

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

Affected packages

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
55ff3f2503007a859219b5e7f68b0f6ca95225f0
Last affected
771d7a8d2b73cf72a2622ca6305dcc9e9306f296

Affected versions

vm-19.*

vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-19.3.6

vm-20.*

vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-20.3.2
vm-20.3.3

vm-21.*

vm-21.0.0
vm-21.0.0.2
vm-21.1.0