CVE-2022-21541

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-21541

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21541.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21541

Related

Published

2022-07-19T22:15:11Z

Modified

2024-09-11T08:05:49.316727Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

Affected packages

Debian:11 / openjdk-11

Package

Name: openjdk-11
Purl: pkg:deb/debian/openjdk-11?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.16+8-1~deb11u1

Affected versions

11.*

11.0.12+7-2

11.0.13+8-1~deb10u1

11.0.13+8-1~deb11u1

11.0.13+8-1

11.0.14+9-1~deb10u1

11.0.14+9-1~deb11u1

11.0.14+9-1

11.0.14.1+1-1

11.0.15+10-1~deb10u1

11.0.15+10-1~deb11u1

11.0.15+10-1

11.0.16+8-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / openjdk-17

Package

Name: openjdk-17
Purl: pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.0.4+8-1~deb11u1

Affected versions

Other

17~19-1

17~24-1

17~27-1

17~29-1

17~31ea-1

17~33ea-1

17~35ea-1

17+35-1

17.*

17.0.1+12-1

17.0.1+12-1+deb11u1

17.0.1+12-1+deb11u2

17.0.2+8-1~deb11u1

17.0.2+8-1

17.0.3+7-1~deb11u1

17.0.3+7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openjdk-17

Package

Name: openjdk-17
Purl: pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.0.4+8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openjdk-17

Package

Name: openjdk-17
Purl: pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.0.4+8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type: GIT
Repo: https://github.com/graalvm/graalvm-ce-builds
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

283b613ae93663c6d5d66ef63e43e9dbc8bfffd8

Last affected

3f79371c56c7b91e624de14e3ae096d273f5d020

Last affected

ac51a376132442367913ff0a3937b77f61ce58fe

Type: GIT
Repo: https://github.com/openjdk/jdk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0620440d1f92448c18cedb790913579beaff19d8

Last affected

0bd0f10d2c5965369490624627f16a39d35c8734

Last affected

0d3829a2c5a70961ffc539865adc1442c1a30bb1

Last affected

0f2113cee79b9645105b4753c7d7eacb83b872c2

Last affected

13ad3ed8b99f8c872eebb5d0bb647d5bb44ea0b5

Last affected

1408dbfdbe550dcdea4cb9a849fab6cb371ded18

Last affected

181483b90bcc7d4e44109a14213d4ee2804f7f32

Last affected

1c11f83e9262d3bf07b9d095a7b1d3659f1f2a9e

Last affected

22e500e3a917594cd93baaf8b5c7d29360d250d1

Last affected

27cab0e0c87f124277c7afeb5dd6a8750443804e

Last affected

34063e3656db6d0cadb9168f37024e6e66fc2372

Last affected

38378b7ee032d70653b3f0d4205f2305cf4f1170

Last affected

38930ae468910fb1d763f18c1d9473beffa7f3cb

Last affected

423befc9a0123b2cf13041f8acbb2a0000ddccdc

Last affected

493ac9ee8f9c4fb66b687bd740b8e1fb5ee8b86a

Last affected

6412341d454eee8a151cf89b51cabfb7b3d87140

Last affected

650aac0d5e472ff99afc1cccf900bdee2002286b

Last affected

69efabad3d8a2ff47a62a4626c574a56edec1cfd

Last affected

6c04fd835e86522d2136ee663e19cfd5f71b9aa8

Last affected

6e1d4b9a47d7a164e183703af6dc196269487729

Last affected

7517b9d19367e1f057e5450d7871135b5f878d02

Last affected

7588f37667fd2a8c00d9a1a6e1afc605b75e0dc2

Last affected

75c48b0d1b36d9361a412ee2db2f51b7d9b6ef1c

Last affected

7ba83041b1d65545833655293d0976dfd1ffdea8

Last affected

7c18f827d7f096cbeb96b086a8516754f0c70221

Last affected

7ff3916e57ab852014885c3e7bdb95e5c1ed8c1e

Last affected

81ecd2932e0caee8ed01955fccc9e958c6a5cda3

Last affected

8261ee6da3c5843806c20808cc4206c73bb0efac

Last affected

82d185e64838992b019c90133d508d479d5ced0a

Last affected

880e09412543af479bc335faeda6196489a2a045

Last affected

88b37fb2a8aecf2b0afa75904d212da11919aa98

Last affected

925752098ba63b25c1cb635f50a53684d4094f8b

Last affected

9d43d25da8bcfff425a795dcc230914a384a5c82

Last affected

b4b746fb274cb65f8cbf4a884bb20749a8f35d2b

Last affected

ba79b2bcce1ceefdeb44bb7075bc5d2647a56834

Last affected

bd04d75035a888d5034c5f7e2e0508d1d28d14af

Last affected

c1ff9b2e3b5e31e5874ca7d7a38ea4fbd9bbdd5d

Last affected

cfa6e0878b1aff48b521ee21d2598abe7f4964c2

Last affected

d08e6435e4026542e4d4bffdf12748e83ef0f9fb

Last affected

d38a1f186d640dede9fccb727ec98db3a413f9d8

Last affected

d49120d46668eaaab9df465a9ee17b696cb4e37f

Last affected

e21ea57f72b20424ac38930bcf56513cd42642e5

Last affected

e514f9072fc6ea3d2ad4e9a81251bf1fc1ed1eb6

Last affected

e7187d14db3748428c4a312203549f7ee31d4471

Last affected

e7d87b234c444e39369e8575284f785c56113324

Last affected

e9a2e84e45e1120aa306a01dfb087200f6a7f903

Last affected

ed6697aa20e3f9c17a496a544b10bfe3543de38f

Type: GIT
Repo: https://github.com/openjdk/jdk15u
Events: Introduced

4a588d89f01a650d90432cc14697a5a2ae2c97d3

Last affected

02e3b1dd58b824d5a9b44ff3cf2f53061b5c5ffd

Affected versions

Other

jdk-15+36

jdk-15-ga

jdk7-b24

jdk7-b25

jdk7-b26

jdk7-b27

jdk7-b28

jdk7-b29

jdk7-b30

jdk7-b31

jdk7-b32

jdk7-b33

jdk7-b34

jdk7-b35

jdk7-b36

jdk7-b37

jdk7-b38

jdk7-b39

jdk7-b40

jdk7-b41

jdk7-b42

jdk7-b43

jdk7-b44

jdk7-b45

jdk-15.*

jdk-15.0.1+1

jdk-15.0.1+2

jdk-15.0.1+3

jdk-15.0.1+4

jdk-15.0.1+5

jdk-15.0.1+6

jdk-15.0.1+7

jdk-15.0.1+8

jdk-15.0.1+9

jdk-15.0.1-ga

jdk-15.0.2+0

jdk-15.0.2+1

jdk-15.0.2+2

jdk-15.0.2+3

jdk-15.0.2+4

jdk-15.0.2+5

jdk-15.0.2+6

jdk-15.0.2+7

jdk-15.0.2-ga

jdk-15.0.3+0

jdk-15.0.3+1

jdk-15.0.3+2

jdk-15.0.3+3

jdk-15.0.3-ga

jdk-15.0.4+0

jdk-15.0.4+1

jdk-15.0.4+2

jdk-15.0.4+3

jdk-15.0.4+4

jdk-15.0.4+5

jdk-15.0.4-ga

jdk-15.0.5+0

jdk-15.0.5+1

jdk-15.0.5+2

jdk-15.0.5+3

jdk-15.0.5-ga

jdk-15.0.6+0

jdk-15.0.6+1

jdk-15.0.6+2

jdk-15.0.6+3

jdk-15.0.6+4

jdk-15.0.6+5

jdk-15.0.6-ga

jdk-15.0.7+0

jdk-15.0.7+1

jdk-15.0.7+2

jdk-15.0.7+3

jdk-15.0.7+4

jdk-15.0.7-ga

vm-19.*

vm-19.3.0

vm-19.3.0.2

vm-19.3.1

vm-19.3.2

vm-19.3.2-pre

vm-19.3.3

vm-19.3.4

vm-19.3.5

vm-19.3.6

vm-20.*

vm-20.0.0

vm-20.0.1

vm-20.1.0

vm-20.2.0

vm-20.3.0

vm-20.3.1

vm-20.3.1.2

vm-20.3.2

vm-20.3.3

vm-20.3.4

vm-20.3.5

vm-20.3.6

vm-21.*

vm-21.0.0

vm-21.0.0.2

vm-21.1.0

vm-21.2.0

vm-21.3.0

vm-21.3.1

vm-22.*

vm-22.0.0.2

vm-ce-21.*

vm-ce-21.2.0