CVE-2022-21541

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

Affected packages

Git / github.com/openjdk/jdk15u

Affected ranges

Type: GIT
Repo: https://github.com/openjdk/jdk15u
Events: Introduced

4a588d89f01a650d90432cc14697a5a2ae2c97d3

Last affected

02e3b1dd58b824d5a9b44ff3cf2f53061b5c5ffd

Affected versions

Other

jdk-15+36

jdk-15-ga

jdk-15.*

jdk-15.0.1+1

jdk-15.0.1+2

jdk-15.0.1+3

jdk-15.0.1+4

jdk-15.0.1+5

jdk-15.0.1+6

jdk-15.0.1+7

jdk-15.0.1+8

jdk-15.0.1+9

jdk-15.0.1-ga

jdk-15.0.2+0

jdk-15.0.2+1

jdk-15.0.2+2

jdk-15.0.2+3

jdk-15.0.2+4

jdk-15.0.2+5

jdk-15.0.2+6

jdk-15.0.2+7

jdk-15.0.2-ga

jdk-15.0.3+0

jdk-15.0.3+1

jdk-15.0.3+2

jdk-15.0.3+3

jdk-15.0.3-ga

jdk-15.0.4+0

jdk-15.0.4+1

jdk-15.0.4+2

jdk-15.0.4+3

jdk-15.0.4+4

jdk-15.0.4+5

jdk-15.0.4-ga

jdk-15.0.5+0

jdk-15.0.5+1

jdk-15.0.5+2

jdk-15.0.5+3

jdk-15.0.5-ga

jdk-15.0.6+0

jdk-15.0.6+1

jdk-15.0.6+2

jdk-15.0.6+3

jdk-15.0.6+4

jdk-15.0.6+5

jdk-15.0.6-ga

jdk-15.0.7+0

jdk-15.0.7+1

jdk-15.0.7+2

jdk-15.0.7+3

jdk-15.0.7+4

jdk-15.0.7-ga

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21541.json"

Git / github.com/vim/vim

Affected ranges

Type: GIT
Repo: https://github.com/vim/vim
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

779b74b2a23643aaac026341a4ed8bd6e04371e6

Affected versions

v7.*

v7.0001

v7.0002

v7.0007

v7.0008

v7.0009

v7.0010

v7.0011

v7.0012

v7.0015

v7.0016

v7.0017

v7.0018

v7.0019

v7.0020

v7.0021

v7.0022

v7.0023

v7.0024

v7.0025

v7.0026

v7.0027

v7.0028

v7.0029

v7.0030

v7.0031

v7.0032

v7.0033

v7.0034

v7.0035

v7.0036

v7.0037

v7.0038

v7.0039

v7.0040

v7.0041

v7.0042

v7.0043

v7.0044

v7.0045

v7.0046

v7.0047

v7.0048

v7.0049

v7.0050

v7.0051

v7.0052

v7.0053

v7.0054

v7.0055

v7.0056

v7.0057

v7.0058

v7.0059

v7.0060

v7.0061

v7.0062

v7.0063

v7.0064

v7.0065

v7.0066

v7.0067

v7.0068

v7.0069

v7.0070

v7.0071

v7.0072

v7.0073

v7.0074

v7.0075

v7.0076

v7.0077

v7.0078

v7.0079

v7.0080

v7.0081

v7.0082

v7.0083

v7.0084

v7.0085

v7.0086

v7.0087

v7.0088

v7.0089

v7.0090

v7.0091

v7.0092

v7.0093

v7.0094

v7.0095

v7.0096

v7.0097

v7.0098

v7.0099

v7.0100

v7.0101

v7.0102

v7.0103

v7.0104

v7.0105

v7.0106

v7.0107

v7.0108

v7.0109

v7.0110

v7.0111

v7.0112

v7.0113

v7.0114

v7.0115

v7.0116

v7.0117

v7.0118

v7.0119

v7.0120

v7.0121

v7.0122

v7.0123

v7.0124

v7.0125

v7.0126

v7.0127

v7.0128

v7.0129

v7.0130

v7.0131

v7.0132

v7.0133

v7.0134

v7.0135

v7.0136

v7.0137

v7.0138

v7.0139

v7.0140

v7.0141

v7.0142

v7.0143

v7.0144

v7.0145

v7.0146

v7.0147

v7.0148

v7.0149

v7.0150

v7.0151

v7.0152

v7.0153

v7.0154

v7.0155

v7.0156

v7.0157

v7.0158

v7.0159

v7.0160

v7.0161

v7.0162

v7.0163

v7.0164

v7.0165

v7.0166

v7.0167

v7.0168

v7.0169

v7.0170

v7.0171

v7.0172

v7.0173

v7.0174

v7.0175

v7.0176

v7.0177

v7.0178

v7.0179

v7.0180

v7.0181

v7.0182

v7.0183

v7.0184

v7.0185

v7.0186

v7.0187

v7.0188

v7.0189

v7.0191

v7.0192

v7.0193

v7.0194

v7.0195

v7.0196

v7.0197

v7.0198

v7.0199

v7.0200

v7.0201

v7.0202

v7.0203

v7.0204

v7.0205

v7.0206

v7.0207

v7.0208

v7.0209

v7.0210

v7.0211

v7.0212

v7.0213

v7.0214

v7.0216

v7.0217

v7.0218

v7.0219

v7.0220

v7.0221

v7.0222

v7.0223

v7.0224

v7.0225

v7.0226

v7.0227

v7.0228

v7.0229

v7.0230

v7.0231

v7.0232

v7.0b

v7.0b01

v7.0b02

v7.0c

v7.0c01

v7.0c02

v7.0c03

v7.0c10

v7.0c11

v7.0c12

v7.0c13

v7.0d

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21541.json"