PT-2022-1770 · Apache+9 · Apache Chainsaw+10

Kingkk · Published 2022-01-10 · Updated 2026-05-22 · CVE-2022-23307

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache Log4j versions 1.2.x
Apache Log4j (affected versions not specified)

Description

The issue is related to the deserialization (restoration in memory) of untrusted data, which can allow a remote attacker to execute arbitrary code. The deserialization issue was present in Apache Chainsaw, a component of Apache Log4j 1.2.x.

Recommendations

For Apache Log4j versions 1.2.x, migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the library. At the moment, there is no information about a newer version that contains a fix for this vulnerability in other affected versions.

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

ALSA-2022:0290
BDU:2022-01069
CESA-2022_0290
CESA-2022_0442
CVE-2022-23307
DLA-2905-1
GHSA-F7VH-QWP3-X37M
OESA-2022-1513
OESA-2022-2065
OPENSUSE-SU-2022:0038-1
OPENSUSE-SU-2022:0214-1
OPENSUSE-SU-2022:0226-1
OPENSUSE-SU-2022_0040-1
OPENSUSE-SU-2022_0214-1
OPENSUSE-SU-2022_0226-1
OPENSUSE-SU-2024:11759-1
OPENSUSE-SU-2024:11838-1
RHSA-2022:0289
RHSA-2022:0290
RHSA-2022:0291
RHSA-2022:0294
RHSA-2022:0436
RHSA-2022:0438
RHSA-2022:0439
RHSA-2022:0442
RHSA-2022:0447
RHSA-2022:0448
RHSA-2022:0475
RHSA-2022:0524
RHSA-2022:1296
RHSA-2022:1297
RHSA-2022:5459
RHSA-2022:5460
RHSA-2022_0290
RHSA-2022_0442
RHSA-2024:10207
RHSA-2024:5856
RLSA-2022:0290
ROSA-SA-2024-2519
SUSE-SU-2022:0212-1
SUSE-SU-2022:0214-1
SUSE-SU-2022:0226-1
SUSE-SU-2022:0354-1
SUSE-SU-2022:0355-1
SUSE-SU-2022:14881-1
USN-5998-1
USN-7590-1

Affected Products

AlmaLinux
Apache Chainsaw
Apache Log4j
Astra Linux
CentOS
Jira
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu