exploitDog
CVE-2022-34169

Published: 19 Jul 2022
Source: debian
EPSS: Medium

Description

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Packages

Package      Status   Fixed version   Release   Type
openjdk-8    fixed    8u342-b07-1               package
openjdk-11   fixed    11.0.16+8-1               package
openjdk-17   fixed    17.0.4+8-1                package
bcel         fixed    6.5.0-2                   package
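The table above gives one fixed version per source package and leaves the Release column empty, so the first thing a practitioner wants is a reliable way to tell whether an installed build is at or past that version. The following Python is an added example, not code from the exploitDog page or from Debian: it implements dpkg's version ordering (epoch, upstream, revision; '~' sorts before everything including the empty string, letters before non-letters, digit runs numerically) and applies it to constructed sample output of `dpkg-query -W -f='${source:Package} ${Version}\n'`. The package/version lines in the sample are made up for the example.

```python
# Fixed versions exactly as given in the package table on this page.
FIXED_VERSIONS = {
    "openjdk-8": "8u342-b07-1",
    "openjdk-11": "11.0.16+8-1",
    "openjdk-17": "17.0.4+8-1",
    "bcel": "6.5.0-2",
}

# Constructed sample output of:
#   dpkg-query -W -f='${source:Package} ${Version}\n'
# These package/version pairs are made up for the example.
SAMPLE_DPKG_OUTPUT = """\
openjdk-11 11.0.15+10-1~deb11u1
openjdk-17 17.0.4+8-1~deb11u1
bcel 6.5.0-2
libxml2 2.9.14+dfsg-1
"""


def _order(c):
    """dpkg's character weight for the non-digit parts of a version."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: end of string weighs 0, so '~' (-1) sorts before it
        # and every other non-digit character sorts after it.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return -1 if ac < bc else 1
            i += 1
            j += 1
        # Digit run: drop leading zeros; the longer run wins, otherwise the
        # first differing digit decides.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff != 0:
            return -1 if first_diff < 0 else 1
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, "0"  # a missing revision counts as 0
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, matching `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = _verrevcmp(ua, ub)
    if c != 0:
        return c
    return _verrevcmp(ra, rb)


def check_installed(dpkg_output, fixed=FIXED_VERSIONS):
    """Map each advisory package found in dpkg output to 'fixed' or 'vulnerable'."""
    results = {}
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        package, version = line.split(None, 1)
        if package not in fixed:
            continue  # not one of the packages in the table above
        results[package] = "fixed" if compare_versions(version, fixed[package]) >= 0 else "vulnerable"
    return results


if __name__ == "__main__":
    for package, status in check_installed(SAMPLE_DPKG_OUTPUT).items():
        print(f"{package}: {status}")
```

One caveat the sample deliberately exercises: a stable-suite build such as 17.0.4+8-1~deb11u1 sorts before 17.0.4+8-1 under dpkg rules because of the '~', so a plain comparison against the single fixed version in the table reports it as vulnerable. The table does not state which release its fixed versions belong to, so for stable suites confirm the fixed version in the suite-specific advisory before acting on this check.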

Notes

  • https://www.openwall.com/lists/oss-security/2022/07/19/5

  • https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297

  • Bug is most likely only in bcel which libxalan2-java depends on.

  • https://github.com/apache/commons-bcel/pull/147

  • https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5

EPSS

Score: 0.1173 (percentile 93%, Medium)

Related vulnerabilities

  • ubuntu, CVSS3: 7.5, almost 3 years ago: same description as above.

  • redhat, CVSS3: 7.5, almost 3 years ago: same description as above.

  • nvd, CVSS3: 7.5, almost 3 years ago: same description as above.

  • suse-cvrf, 7 months ago: "Recommended update for mojo-parent".

  • github, CVSS3: 7.5, almost 3 years ago: "Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets".
