PT-2023-13790 · Oracle (and 5 more vendors) · Oracle Jdk (and 5 more products)

Published: 2023-01-28 · Updated: 2024-02-17 · CVE-2022-40433

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Oracle JDK (HotSpot VM) versions 11 through 17; OpenJDK (HotSpot VM) versions 8 through 17
Description: An issue was discovered in the HotSpot VM function ciMethodBlocks::make_block_at, allowing attackers to cause a denial of service. The vendor states that this is considered Defense in Depth at most, because of the nature of the issue and the special circumstances required, such as the server running particular code locally and that code having been compiled with an old version of javac.
Recommendations: For Oracle JDK (HotSpot VM) versions 11 through 17, consider disabling the ciMethodBlocks::make_block_at function until a patch is available. For OpenJDK (HotSpot VM) versions 8 through 17, restrict access to the ciMethodBlocks::make_block_at function to minimize the risk of exploitation. However, since the CVE ID has been rejected by its CNA because it was not a security issue, no further action is required. At the moment there is no information about a newer version containing a fix for this issue, and given the rejection no fix is expected.

Related Identifiers

ALSA-2023:5731
ALSA-2023:5733
CESA-2023_5731
CVE-2022-40433
DSA-5331-1
MGASA-2023-0326
OESA-2023-1600
OESA-2023-1601
OESA-2023-1602
OESA-2023-1603
OESA-2023-1617
OESA-2023-1618
OESA-2023-1642
OESA-2023-1643
OESA-2023-1644
OESA-2023-1645
OESA-2023-1646
OESA-2023-1650
OESA-2023-1737
OESA-2023-1738
OESA-2023-1739
RHSA-2023:5727
RHSA-2023:5728
RHSA-2023:5729
RHSA-2023:5730
RHSA-2023:5731
RHSA-2023:5732
RHSA-2023:5733
RHSA-2023_5731
RHSA-2023_5733
USN-6528-1

Affected Products

Almalinux
Centos
Linuxmint
Oracle Jdk
Red Hat
Ubuntu