openjdk is vulnerable to denial of service. It was discovered that crypto provider implementations in the JCE component of OpenJDK for crypto algorithms such as AES or SHA did not perform array bounds checks. This can lead to out-of-bounds access if compiler intrinsics were used instead of the Java runtime implementations of the specific operations.
lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
access.redhat.com/errata/RHSA-2019:1811
access.redhat.com/security/updates/classification/#moderate
kc.mcafee.com/corporate/index?page=content&id=SB10300
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
usn.ubuntu.com/4080-1/