5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
34.4%
Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget
discovered that the DTLS implementation in the JSSE subsystem of OpenJDK
did not properly restrict handshake initiation requests from clients. A
remote attacker could possibly use this to cause a denial of service.
(CVE-2023-21835)
Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not
properly validate the origin of a Soundbank. An attacker could use this to
specially craft an untrusted Java application or applet that could load a
Soundbank from an attacker controlled remote URL. (CVE-2023-21843)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.10 | noarch | openjdk-11-jre-headless | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-11-dbg | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-11-demo | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-11-doc | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-11-jdk | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-11-jdk-headless | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-11-jre | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-11-jre-zero | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-11-source | < 11.0.18+10-0ubuntu1~22.10 | UNKNOWN |
Ubuntu | 22.10 | noarch | openjdk-17-jre-headless | < 17.0.6+10-0ubuntu1~22.10 | UNKNOWN |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
34.4%