openJDK is vulnerable to denial of service. The vulnerability exists through incorrect handling of references to uninitialized class descriptors during deserialization which allows an attacker to cause an application crash.
lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html
lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html
lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html
access.redhat.com/errata/RHSA-2020:2236
access.redhat.com/security/updates/classification/#important
kc.mcafee.com/corporate/index?page=content&id=SB10332
lists.debian.org/debian-lts-announce/2020/04/msg00024.html
lists.fedoraproject.org/archives/list/[email protected]/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
lists.fedoraproject.org/archives/list/[email protected]/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
lists.fedoraproject.org/archives/list/[email protected]/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
security.gentoo.org/glsa/202006-22
security.gentoo.org/glsa/202209-15
security.netapp.com/advisory/ntap-20200416-0004/
usn.ubuntu.com/4337-1/
www.debian.org/security/2020/dsa-4662
www.debian.org/security/2020/dsa-4668
www.oracle.com/security-alerts/cpuapr2020.html