CVE-2022-21340 Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition.
by using the CVE-2018-1064 vulnerability in the Java NIO package. Was ZDI-17-818. Published: February 05, 2018; 06:15:03 PM -05:00 Vulnerability: Oracle Java SE, Oracle GraalVM Enterprise Edition Component - Libraries - Vulnerability This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries.
Overview:
Oracle Java SE, Oracle GraalVM Enterprise Edition Component - Libraries - Vulnerability
This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries. This vulnerability was originally introduced in CVE-2018-1064. Published: February 05, 2018; 06:15:03 PM -05:00
Oracle Java Vulnerability Types
The vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries.
Oracle Java JDK and JRE end of report
By using the CVE-2018-1064 vulnerability in the Java NIO package, an attacker is able to affect confidentiality, integrity, and availability.
The following is a timeline of events from ZDI's publication of this vulnerability:
- February 05, 2018; 06:15:03 PM -05:00 Vulnerability: Oracle Java SE Libraries - Vulnerability. This vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries. Was ZDI-17-818. Published: February 05, 2018; 06:15:03 PM -05:00
- February 08, 2018; 01:50:02 PM -04:00 Oracle releases security advisory
- ZDI releases proof of concept exploit code
- Oracle responds by blocking vulnerable versions of Java and fixes them in their next release
Timeline
Published on: 01/19/2022 12:15:00 UTC
Last modified on: 05/13/2022 15:05:00 UTC
References
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://security.netapp.com/advisory/ntap-20220121-0007/
- https://www.debian.org/security/2022/dsa-5057
- https://www.debian.org/security/2022/dsa-5058
- https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21340