PT-2022-6864 · Oracle+10 · Oracle Java Se+12

Kn32

Published

2022-10-18

Updated

2026-05-08

CVE-2022-21626

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1 Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, 22.2.0

Description The issue is related to an uncontrolled consumption of resources in the Security component of Oracle Java SE and Oracle GraalVM Enterprise Edition. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise the system, resulting in a partial denial of service. The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.

Recommendations For Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, 22.2.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable Security component until a patch is available. Avoid using APIs in the specified component that may supply data to untrusted sources until the issue is resolved.

Exploit

Fix

RCE

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-400

Related Identifiers

ALSA-2022:6999

ALSA-2022:7000

ALSA-2022:7006

ALSA-2022:7007

ALSA-2022:7012

ALSA-2022:7013

ALT-PU-2022-7670

ALT-PU-2022-7671

ALT-PU-2023-8449

ALT-PU-2023-8454

ALT-PU-2023-8460

ALT-PU-2025-6317

BDU:2023-05205

BIT-JAVA-2022-21626

BIT-JAVA-MIN-2022-21626

BIT-JRE-2022-21626

CESA-2022_7000

CESA-2022_7002

CESA-2022_7006

CESA-2022_7008

CESA-2022_7012

CESA-2023_0128

CVE-2022-21626

DLA-3307-1

DSA-5331-1

MGASA-2022-0435

OESA-2022-2150

OESA-2022-2151

OESA-2022-2152

OESA-2022-2154

OPENSUSE-SU-2022_4078-1

OPENSUSE-SU-2022_4166-1

OPENSUSE-SU-2022_4250-1

OPENSUSE-SU-2022_4452-1

OPENSUSE-SU-2024:12431-1

OPENSUSE-SU-2024:12441-1

OPENSUSE-SU-2024:12442-1

OPENSUSE-SU-2024:12463-1

OPENSUSE-SU-2024:12464-1

OPENSUSE-SU-2024:12546-1

OPENSUSE-SU-2025:0066-1

OPENSUSE-SU-2025:0067-1

RHSA-2022:6999

RHSA-2022:7000

RHSA-2022:7001

RHSA-2022:7002

RHSA-2022:7003

RHSA-2022:7004

RHSA-2022:7005

RHSA-2022:7006

RHSA-2022:7007

RHSA-2022:7008

RHSA-2022:7009

RHSA-2022:7010

RHSA-2022:7011

RHSA-2022:7012

RHSA-2022:7013

RHSA-2022:8880

RHSA-2022_6999

RHSA-2022_7000

RHSA-2022_7002

RHSA-2022_7006

RHSA-2022_7007

RHSA-2022_7008

RHSA-2022_7012

RHSA-2022_7013

RHSA-2022_8880

RHSA-2023:0128

RHSA-2023_0128

RLSA-2022:6999

RLSA-2022:7000

RLSA-2022:7006

RLSA-2022:7007

RLSA-2022:7012

RLSA-2022:7013

ROSA-SA-2023-2151

SUSE-SU-2022:4078-1

SUSE-SU-2022:4080-1

SUSE-SU-2022:4166-1

SUSE-SU-2022:4250-1

SUSE-SU-2022:4290-1

SUSE-SU-2022:4373-1

SUSE-SU-2022:4452-1

USN-5719-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Java Platform

Linuxmint

Oracle Graalvm Enterprise Edition

Oracle Java Se

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2022-6864 · Oracle+10 · Oracle Java Se+12

CVE-2022-21626

Weakness Enumeration

Related Identifiers

Affected Products

References · 307