Lucene search

K
ubuntuUbuntuUSN-5719-1
HistoryNov 09, 2022 - 12:00 a.m.

OpenJDK vulnerabilities

2022-11-0900:00:00
ubuntu.com
23

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

Releases

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • openjdk-17 - Open Source Java implementation
  • openjdk-19 - Open Source Java implementation
  • openjdk-8 - Open Source Java implementation
  • openjdk-lts - Open Source Java implementation

Details

It was discovered that OpenJDK incorrectly handled long client hostnames.
An attacker could possibly use this issue to cause the corruption of
sensitive information. (CVE-2022-21619)

It was discovered that OpenJDK incorrectly randomized DNS port numbers. A
remote attacker could possibly use this issue to perform spoofing attacks.
(CVE-2022-21624)

It was discovered that OpenJDK did not limit the number of connections
accepted from HTTP clients. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21628)

It was discovered that OpenJDK incorrectly handled X.509 certificates. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626)

It was discovered that OpenJDK incorrectly handled cached server
connections. An attacker could possibly use this issue to perform spoofing
attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
(CVE-2022-39399)

It was discovered that OpenJDK incorrectly handled byte conversions. An
attacker could possibly use this issue to obtain sensitive information.
This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
(CVE-2022-21618)

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%