CVE-2023-22025Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Java SE JDK AND JRE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents9 sources
Severity
3.7LOWNVD
EPSS
0.1%
top 67.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Oracle Corporation Java SE JDK AND JREOracle Graalvm FOR JDKOracle JDK+1 more
Timeline
PublishedOct 17
Latest updateJul 16

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterp

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

NVDoracle/graalvm17.0.8, 21+1
NVDoracle/jdk1.8.0, 17.0.8, 21.0.0+2
NVDoracle/jre1.8.0, 17.0.8, 21.0.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
OSV
openjdk-17, openjdk-21, openjdk-lts vulnerabilities2023-11-29
OSV
openjdk-8 vulnerabilities2023-11-29
GHSA
GHSA-7498-h3m9-7wv2: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot)2023-10-18
CVEList
CVE-2023-22025: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot)2023-10-17
OSV
CVE-2023-22025: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot)2023-10-17

📋Vendor Advisories

6
Atlassian
CVE-2023-22025 CVE-2023-22081 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20932 CVE-2024-209452024-07-16
Ubuntu
OpenJDK 8 vulnerabilities2023-11-29
Ubuntu
OpenJDK vulnerabilities2023-11-29
Oracle
Oracle Oracle Java SE Risk Matrix: Hotspot — CVE-2023-220252023-10-15
Red Hat
OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)2023-09-26
CVE-2023-22025 — LOW severity | cvebase