vulnerability

Red Hat: CVE-2023-5676: JDK: Eclipse OpenJ9 JVM denial of service (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:M/Au:M/C:N/I:N/A:C)	Nov 15, 2023	Feb 21, 2024	Nov 14, 2025

Severity

CVSS

(AV:L/AC:M/Au:M/C:N/I:N/A:C)

Published

Nov 15, 2023

Added

Feb 21, 2024

Modified

Nov 14, 2025

Description

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

Solutions

no-fix-redhat-rpm-packageredhat-upgrade-java-1-8-0-ibmredhat-upgrade-java-1-8-0-ibm-demoredhat-upgrade-java-1-8-0-ibm-develredhat-upgrade-java-1-8-0-ibm-headlessredhat-upgrade-java-1-8-0-ibm-jdbcredhat-upgrade-java-1-8-0-ibm-pluginredhat-upgrade-java-1-8-0-ibm-srcredhat-upgrade-java-1-8-0-ibm-webstart

References

CWE-362
CWE-364
NVD-CVE-2023-5676
REDHAT-RHSA-2024:0866
REDHAT-RHSA-2024:0879

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today