CVE-2022-21365

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21365
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21365.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-21365
Related
Published
2022-01-19T12:15:15Z
Modified
2025-04-06T04:59:31.622287Z
Downstream
Summary
[none]
Details

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

Affected packages

Debian:11 / openjdk-11

Package

Name
openjdk-11
Purl
pkg:deb/debian/openjdk-11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
11.0.14+9-1~deb11u1

Affected versions

11.*

11.0.12+7-2
11.0.13+8-1~deb10u1
11.0.13+8-1~deb11u1
11.0.13+8-1
11.0.14+9-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
17.0.2+8-1~deb11u1

Affected versions

Other

17~19-1
17~24-1
17~27-1
17~29-1
17~31ea-1
17~33ea-1
17~35ea-1
17+35-1

17.*

17.0.1+12-1
17.0.1+12-1+deb11u1
17.0.1+12-1+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
17.0.2+8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
17.0.2+8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/openjdk/jdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/openjdk/jdk15u
Events
Type
GIT
Repo
https://github.com/openjdk/jdk8u
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

jdk-15+36
jdk-15-ga
jdk7-b100
jdk7-b101
jdk7-b102
jdk7-b103
jdk7-b104
jdk7-b105
jdk7-b106
jdk7-b107
jdk7-b108
jdk7-b109
jdk7-b110
jdk7-b111
jdk7-b112
jdk7-b113
jdk7-b114
jdk7-b115
jdk7-b116
jdk7-b117
jdk7-b118
jdk7-b119
jdk7-b120
jdk7-b121
jdk7-b122
jdk7-b123
jdk7-b124
jdk7-b125
jdk7-b126
jdk7-b127
jdk7-b128
jdk7-b129
jdk7-b130
jdk7-b131
jdk7-b132
jdk7-b133
jdk7-b134
jdk7-b135
jdk7-b136
jdk7-b137
jdk7-b138
jdk7-b139
jdk7-b140
jdk7-b141
jdk7-b142
jdk7-b143
jdk7-b144
jdk7-b145
jdk7-b146
jdk7-b147
jdk7-b24
jdk7-b25
jdk7-b26
jdk7-b27
jdk7-b28
jdk7-b29
jdk7-b30
jdk7-b31
jdk7-b32
jdk7-b33
jdk7-b34
jdk7-b35
jdk7-b36
jdk7-b37
jdk7-b38
jdk7-b39
jdk7-b40
jdk7-b41
jdk7-b42
jdk7-b43
jdk7-b44
jdk7-b45
jdk7-b46
jdk7-b47
jdk7-b48
jdk7-b49
jdk7-b50
jdk7-b51
jdk7-b52
jdk7-b53
jdk7-b54
jdk7-b55
jdk7-b56
jdk7-b57
jdk7-b58
jdk7-b59
jdk7-b60
jdk7-b61
jdk7-b62
jdk7-b63
jdk7-b64
jdk7-b65
jdk7-b66
jdk7-b67
jdk7-b68
jdk7-b69
jdk7-b70
jdk7-b71
jdk7-b72
jdk7-b73
jdk7-b74
jdk7-b75
jdk7-b76
jdk7-b77
jdk7-b78
jdk7-b79
jdk7-b80
jdk7-b81
jdk7-b82
jdk7-b83
jdk7-b84
jdk7-b85
jdk7-b86
jdk7-b87
jdk7-b88
jdk7-b89
jdk7-b90
jdk7-b91
jdk7-b92
jdk7-b93
jdk7-b94
jdk7-b95
jdk7-b96
jdk7-b97
jdk7-b98
jdk7-b99
jdk8-b01
jdk8-b02
jdk8-b03
jdk8-b04
jdk8-b05
jdk8-b06
jdk8-b07
jdk8-b08
jdk8-b09
jdk8-b10
jdk8-b100
jdk8-b101
jdk8-b102
jdk8-b103
jdk8-b104
jdk8-b105
jdk8-b106
jdk8-b107
jdk8-b108
jdk8-b109
jdk8-b11
jdk8-b110
jdk8-b111
jdk8-b112
jdk8-b113
jdk8-b114
jdk8-b115
jdk8-b116
jdk8-b117
jdk8-b118
jdk8-b119
jdk8-b12
jdk8-b120
jdk8-b121
jdk8-b13
jdk8-b14
jdk8-b15
jdk8-b16
jdk8-b17
jdk8-b18
jdk8-b19
jdk8-b20
jdk8-b21
jdk8-b22
jdk8-b23
jdk8-b24
jdk8-b25
jdk8-b26
jdk8-b27
jdk8-b28
jdk8-b29
jdk8-b30
jdk8-b31
jdk8-b32
jdk8-b33
jdk8-b34
jdk8-b35
jdk8-b36
jdk8-b37
jdk8-b38
jdk8-b39
jdk8-b40
jdk8-b41
jdk8-b42
jdk8-b43
jdk8-b44
jdk8-b45
jdk8-b46
jdk8-b47
jdk8-b48
jdk8-b49
jdk8-b50
jdk8-b51
jdk8-b52
jdk8-b53
jdk8-b54
jdk8-b55
jdk8-b56
jdk8-b57
jdk8-b58
jdk8-b59
jdk8-b60
jdk8-b61
jdk8-b62
jdk8-b63
jdk8-b64
jdk8-b65
jdk8-b66
jdk8-b67
jdk8-b68
jdk8-b69
jdk8-b70
jdk8-b71
jdk8-b72
jdk8-b73
jdk8-b74
jdk8-b75
jdk8-b76
jdk8-b77
jdk8-b78
jdk8-b79
jdk8-b80
jdk8-b81
jdk8-b82
jdk8-b83
jdk8-b84
jdk8-b85
jdk8-b86
jdk8-b87
jdk8-b88
jdk8-b89
jdk8-b90
jdk8-b91
jdk8-b92
jdk8-b93
jdk8-b94
jdk8-b95
jdk8-b96
jdk8-b97
jdk8-b98
jdk8-b99

jdk-15.*

jdk-15.0.1+1
jdk-15.0.1+2
jdk-15.0.1+3
jdk-15.0.1+4
jdk-15.0.1+5
jdk-15.0.1+6
jdk-15.0.1+7
jdk-15.0.1+8
jdk-15.0.1+9
jdk-15.0.1-ga
jdk-15.0.2+0
jdk-15.0.2+1
jdk-15.0.2+2
jdk-15.0.2+3
jdk-15.0.2+4
jdk-15.0.2+5
jdk-15.0.2+6
jdk-15.0.2+7
jdk-15.0.2-ga
jdk-15.0.3+0
jdk-15.0.3+1
jdk-15.0.3+2
jdk-15.0.3+3
jdk-15.0.3-ga
jdk-15.0.4+0
jdk-15.0.4+1
jdk-15.0.4+2
jdk-15.0.4+3
jdk-15.0.4+4
jdk-15.0.4+5
jdk-15.0.4-ga
jdk-15.0.5+0
jdk-15.0.5+1
jdk-15.0.5+2
jdk-15.0.5+3
jdk-15.0.5-ga

vm-19.*

vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-19.3.6

vm-20.*

vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-20.3.2
vm-20.3.3
vm-20.3.4

vm-21.*

vm-21.0.0
vm-21.0.0.2
vm-21.1.0
vm-21.2.0
vm-21.3.0