5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.8%
It was discovered that the HotSpot VM implementation in OpenJDK did not
properly validate bytecode blocks in certain situations. An attacker could
possibly use this to cause a denial of service. (CVE-2022-40433)
Carter Kozak discovered that OpenJDK, when compiling with AVX-512
instruction support enabled, could produce code that resulted in memory
corruption in certain situations. An attacker targeting applications built
in this way could possibly use this to cause a denial of service or execute
arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512
instructions. (CVE-2023-22025)
It was discovered that the CORBA implementation in OpenJDK did not properly
perform deserialization of IOR string objects. An attacker could possibly
use this to bypass Java sandbox restrictions. (CVE-2023-22067)
It was discovered that OpenJDK did not properly perform PKIX certification
path validation in certain situations. An attacker could use this to cause
a denial of service. (CVE-2023-22081)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.10 | noarch | openjdk-8-jdk | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.10 | noarch | openjdk-8-dbg | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.10 | noarch | openjdk-8-demo | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.10 | noarch | openjdk-8-doc | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.10 | noarch | openjdk-8-jdk-headless | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.10 | noarch | openjdk-8-jre | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.10 | noarch | openjdk-8-jre-headless | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.10 | noarch | openjdk-8-jre-zero | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.10 | noarch | openjdk-8-source | < 8u392-ga-1~23.10 | UNKNOWN |
Ubuntu | 23.04 | noarch | openjdk-8-jdk | < 8u392-ga-1~23.04 | UNKNOWN |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.8%