CVE-2022-21340 Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition.

CVE-2022-21340 Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition.

by using the CVE-2018-1064 vulnerability in the Java NIO package. Was ZDI-17-818. Published: February 05, 2018; 06:15:03 PM -05:00 Vulnerability: Oracle Java SE, Oracle GraalVM Enterprise Edition Component - Libraries - Vulnerability This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries. Was ZDI-17-818. Published: February 05, 2018; 06:15:03 PM -05:00 Vulnerability: Oracle Java SE, Oracle GraalVM Enterprise Edition Component - Libraries - Vulnerability This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries. Was ZDI-17-818. Published: February 05, 2018; 06:15:03 PM -05:00 Vulnerability: Oracle Java SE, Oracle GraalVM Enterprise Edition Component - Libraries - Vulnerability This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries. Was ZDI-17-818. Published: February 05, 2018; 06:15:03 PM -05:00 Vulnerability: Oracle Java SE, Oracle GraalVM Enterprise Edition Component - Libraries - Vulnerability This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries. Was ZDI-17-818. Published: February 05, 2018; 06:15:03 PM -05:00 V

Overview:

Oracle Java SE, Oracle GraalVM Enterprise Edition Component - Libraries - Vulnerability

This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries. This vulnerability was originally introduced in CVE-2018-1064. Published: February 05, 2018; 06:15:03 PM -05:00

Oracle Java Vulnerability Types##

The vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries.

Oracle Java JDK and JRE end of report

By using the CVE-2018-1064 vulnerability in the Java NIO package, an attacker is able to affect confidentiality, integrity, and availability.
The following is a timeline of events from ZDI's publication of this vulnerability:

February 05, 2018; 06:15:03 PM -05:00 Vulnerability: Oracle Java SE Libraries - Vulnerability This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries. Was ZDI-17-818. Published: February 05, 2018; 06:15:03 PM -05:00
February 08, 2018; 01:50:02 PM -04:00 Oracle releases security advisory    
ZDI releases proof of concept exploit code
Oracle responds by blocking vulnerable versions of Java and fixes them in their next release

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe