CVE-2022-21283

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0

Description The vulnerability is related to insufficient handling of exceptional states in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition. It can be exploited by an unauthenticated attacker with network access via multiple protocols, allowing them to cause a partial denial of service (partial DOS) of Oracle Java SE and Oracle GraalVM Enterprise Edition. This issue applies to Java deployments that load and run untrusted code, relying on the Java sandbox for security. The vulnerability can also be exploited through APIs in the specified component, for example, via a web service supplying data to the APIs.

Recommendations For Oracle Java SE versions 11.0.13, 17.0.1: Update to a newer version to mitigate the risk. For Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0: Update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable Libraries component until a patch is available. Avoid using APIs in the specified component to minimize the risk of exploitation.