CVE-2022-21365
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-21365
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21365.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-21365
- Related
- Published
- 2022-01-19T12:15:15Z
- Modified
- 2025-04-06T04:59:31.622287Z
- Downstream
- Summary
- [none]
- Details
-
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
- References
-
- https://security.gentoo.org/glsa/202209-05
- https://security.netapp.com/advisory/ntap-20220121-0007/
- https://www.debian.org/security/2022/dsa-5057
- https://www.debian.org/security/2022/dsa-5058
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html
- https://security-tracker.debian.org/tracker/CVE-2022-21365
Affected packages
Debian:11 / openjdk-11
Package
- Name
- openjdk-11
- Purl
- pkg:deb/debian/openjdk-11?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.0.14+9-1~deb11u1
Debian:11 / openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/debian/openjdk-17?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.2+8-1~deb11u1
Debian:12 / openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/debian/openjdk-17?arch=source
Debian:13 / openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/debian/openjdk-17?arch=source
Git / github.com/graalvm/graalvm-ce-builds
Affected ranges
- Type
- GIT
- Repo
- https://github.com/graalvm/graalvm-ce-builds
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
- Type
- GIT
- Repo
- https://github.com/openjdk/jdk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Type
- GIT
- Repo
- https://github.com/openjdk/jdk15u
- Events
-
IntroducedLast affected
- Type
- GIT
- Repo
- https://github.com/openjdk/jdk8u
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
Affected versions
Other
jdk-15+36
jdk-15-ga
jdk7-b100
jdk7-b101
jdk7-b102
jdk7-b103
jdk7-b104
jdk7-b105
jdk7-b106
jdk7-b107
jdk7-b108
jdk7-b109
jdk7-b110
jdk7-b111
jdk7-b112
jdk7-b113
jdk7-b114
jdk7-b115
jdk7-b116
jdk7-b117
jdk7-b118
jdk7-b119
jdk7-b120
jdk7-b121
jdk7-b122
jdk7-b123
jdk7-b124
jdk7-b125
jdk7-b126
jdk7-b127
jdk7-b128
jdk7-b129
jdk7-b130
jdk7-b131
jdk7-b132
jdk7-b133
jdk7-b134
jdk7-b135
jdk7-b136
jdk7-b137
jdk7-b138
jdk7-b139
jdk7-b140
jdk7-b141
jdk7-b142
jdk7-b143
jdk7-b144
jdk7-b145
jdk7-b146
jdk7-b147
jdk7-b24
jdk7-b25
jdk7-b26
jdk7-b27
jdk7-b28
jdk7-b29
jdk7-b30
jdk7-b31
jdk7-b32
jdk7-b33
jdk7-b34
jdk7-b35
jdk7-b36
jdk7-b37
jdk7-b38
jdk7-b39
jdk7-b40
jdk7-b41
jdk7-b42
jdk7-b43
jdk7-b44
jdk7-b45
jdk7-b46
jdk7-b47
jdk7-b48
jdk7-b49
jdk7-b50
jdk7-b51
jdk7-b52
jdk7-b53
jdk7-b54
jdk7-b55
jdk7-b56
jdk7-b57
jdk7-b58
jdk7-b59
jdk7-b60
jdk7-b61
jdk7-b62
jdk7-b63
jdk7-b64
jdk7-b65
jdk7-b66
jdk7-b67
jdk7-b68
jdk7-b69
jdk7-b70
jdk7-b71
jdk7-b72
jdk7-b73
jdk7-b74
jdk7-b75
jdk7-b76
jdk7-b77
jdk7-b78
jdk7-b79
jdk7-b80
jdk7-b81
jdk7-b82
jdk7-b83
jdk7-b84
jdk7-b85
jdk7-b86
jdk7-b87
jdk7-b88
jdk7-b89
jdk7-b90
jdk7-b91
jdk7-b92
jdk7-b93
jdk7-b94
jdk7-b95
jdk7-b96
jdk7-b97
jdk7-b98
jdk7-b99
jdk8-b01
jdk8-b02
jdk8-b03
jdk8-b04
jdk8-b05
jdk8-b06
jdk8-b07
jdk8-b08
jdk8-b09
jdk8-b10
jdk8-b100
jdk8-b101
jdk8-b102
jdk8-b103
jdk8-b104
jdk8-b105
jdk8-b106
jdk8-b107
jdk8-b108
jdk8-b109
jdk8-b11
jdk8-b110
jdk8-b111
jdk8-b112
jdk8-b113
jdk8-b114
jdk8-b115
jdk8-b116
jdk8-b117
jdk8-b118
jdk8-b119
jdk8-b12
jdk8-b120
jdk8-b121
jdk8-b13
jdk8-b14
jdk8-b15
jdk8-b16
jdk8-b17
jdk8-b18
jdk8-b19
jdk8-b20
jdk8-b21
jdk8-b22
jdk8-b23
jdk8-b24
jdk8-b25
jdk8-b26
jdk8-b27
jdk8-b28
jdk8-b29
jdk8-b30
jdk8-b31
jdk8-b32
jdk8-b33
jdk8-b34
jdk8-b35
jdk8-b36
jdk8-b37
jdk8-b38
jdk8-b39
jdk8-b40
jdk8-b41
jdk8-b42
jdk8-b43
jdk8-b44
jdk8-b45
jdk8-b46
jdk8-b47
jdk8-b48
jdk8-b49
jdk8-b50
jdk8-b51
jdk8-b52
jdk8-b53
jdk8-b54
jdk8-b55
jdk8-b56
jdk8-b57
jdk8-b58
jdk8-b59
jdk8-b60
jdk8-b61
jdk8-b62
jdk8-b63
jdk8-b64
jdk8-b65
jdk8-b66
jdk8-b67
jdk8-b68
jdk8-b69
jdk8-b70
jdk8-b71
jdk8-b72
jdk8-b73
jdk8-b74
jdk8-b75
jdk8-b76
jdk8-b77
jdk8-b78
jdk8-b79
jdk8-b80
jdk8-b81
jdk8-b82
jdk8-b83
jdk8-b84
jdk8-b85
jdk8-b86
jdk8-b87
jdk8-b88
jdk8-b89
jdk8-b90
jdk8-b91
jdk8-b92
jdk8-b93
jdk8-b94
jdk8-b95
jdk8-b96
jdk8-b97
jdk8-b98
jdk8-b99
jdk-15.*
jdk-15.0.1+1
jdk-15.0.1+2
jdk-15.0.1+3
jdk-15.0.1+4
jdk-15.0.1+5
jdk-15.0.1+6
jdk-15.0.1+7
jdk-15.0.1+8
jdk-15.0.1+9
jdk-15.0.1-ga
jdk-15.0.2+0
jdk-15.0.2+1
jdk-15.0.2+2
jdk-15.0.2+3
jdk-15.0.2+4
jdk-15.0.2+5
jdk-15.0.2+6
jdk-15.0.2+7
jdk-15.0.2-ga
jdk-15.0.3+0
jdk-15.0.3+1
jdk-15.0.3+2
jdk-15.0.3+3
jdk-15.0.3-ga
jdk-15.0.4+0
jdk-15.0.4+1
jdk-15.0.4+2
jdk-15.0.4+3
jdk-15.0.4+4
jdk-15.0.4+5
jdk-15.0.4-ga
jdk-15.0.5+0
jdk-15.0.5+1
jdk-15.0.5+2
jdk-15.0.5+3
jdk-15.0.5-ga
vm-19.*
vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-19.3.6
vm-20.*
vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-20.3.2
vm-20.3.3
vm-20.3.4
vm-21.*
vm-21.0.0
vm-21.0.0.2
vm-21.1.0
vm-21.2.0
vm-21.3.0