Lucene search

K
osvGoogleOSV:USN-6077-1
HistoryMay 16, 2023 - 1:09 p.m.

openjdk-8, openjdk-lts, openjdk-17, openjdk-20 vulnerabilities

2023-05-1613:09:46
Google
osv.dev
17
openjdk
vulnerabilities
tls handshake
sensitive information
command arguments
html documents
garbage collection
java sandbox restrictions
certificate chains
denial of service
uris

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

49.9%

Ben Smyth discovered that OpenJDK incorrectly handled half-duplex
connections during TLS handshake. A remote attacker could possibly use
this issue to insert, edit or obtain sensitive information.
(CVE-2023-21930)

It was discovered that OpenJDK incorrectly handled certain inputs. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21937)

It was discovered that OpenJDK incorrectly handled command arguments. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21938)

It was discovered that OpenJDK incorrectly validated HTML documents. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21939)

Ramki Ramakrishna discovered that OpenJDK incorrectly handled garbage
collection. An attacker could possibly use this issue to bypass Java
sandbox restrictions. (CVE-2023-21954)

Jonathan Looney discovered that OpenJDK incorrectly handled certificate
chains during TLS session negotiation. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-21967)

Adam Reziouk discovered that OpenJDK incorrectly sanitized URIs. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2023-21968)

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

49.9%