CVE-2022-21294

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4 and 21.3.0

Description The issue is related to an easily exploitable vulnerability in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition, allowing an unauthenticated attacker with network access via multiple protocols to compromise the system. This can result in a partial denial of service. The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.

Recommendations For Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.4 and 21.3.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Libraries component until a patch is available. Avoid using APIs in the specified component until the issue is resolved.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALSA-2022:0161

ALSA-2022:0185

ALSA-2022:0307

ALT-PU-2022-7652

ALT-PU-2022-7653

ALT-PU-2022-7654

ALT-PU-2022-7655

BDU:2022-01994

BIT-JAVA-2022-21294

BIT-JAVA-MIN-2022-21294

BIT-JRE-2022-21294

CESA-2022_0161

CESA-2022_0185

CESA-2022_0204

CESA-2022_0306

CESA-2022_0307

CESA-2022_0970

CVE-2022-21294

DLA-2917-1

DSA-5057-1

DSA-5058-1

OESA-2022-1696

OESA-2022-1702

OESA-2022-1813

OPENSUSE-SU-2022:0816-1

OPENSUSE-SU-2022:0870-1

OPENSUSE-SU-2022:0873-1

OPENSUSE-SU-2022:1027-1

OPENSUSE-SU-2022_0816-1

OPENSUSE-SU-2022_0870-1

OPENSUSE-SU-2022_0873-1

OPENSUSE-SU-2022_1027-1

OPENSUSE-SU-2024:11798-1

OPENSUSE-SU-2024:11799-1

OPENSUSE-SU-2024:11800-1

OPENSUSE-SU-2024:11810-1

OPENSUSE-SU-2024:11895-1

RHSA-2022:0161

RHSA-2022:0185

RHSA-2022:0204

RHSA-2022:0209

RHSA-2022:0211

RHSA-2022:0233

RHSA-2022:0304

RHSA-2022:0305

RHSA-2022:0306

RHSA-2022:0307

RHSA-2022:0312

RHSA-2022:0968

RHSA-2022:0969

RHSA-2022:0970

RHSA-2022_0161

RHSA-2022_0185

RHSA-2022_0204

RHSA-2022_0306

RHSA-2022_0307

RHSA-2022_0968

RHSA-2022_0969

RHSA-2022_0970

RLSA-2022:0161

RLSA-2022:0185

RLSA-2022:0307

ROSA-SA-2023-2136

SUSE-SU-2022:0730-1

SUSE-SU-2022:0816-1

SUSE-SU-2022:0871-1

SUSE-SU-2022:0873-1

SUSE-SU-2022:1025-1

SUSE-SU-2022:1026-1

SUSE-SU-2022:1027-1

SUSE-SU-2022:14926-1

SUSE-SU-2022:14927-1

SUSE-SU-2022_14927-1

USN-5313-1

USN-5313-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Graalvm Enterprise Edition

Ibm Aix

Java Platform

Java Se

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2022-21294

Weakness Enumeration

Related Identifiers

Affected Products

References · 213