CVE-2022-31139

UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. The internal data of UA is protected by JVM and others can only access UA via UA's standard API.

When `SecurityCheck.AccessLimiter` is set up, the instance of UA can be accessed by `new UAccessor` and `UnsafeAccessor` instances. Therefore, the main application should always set up `SecurityCheck.AccessLimiter` when `UnsafeAccessor` is used. In addition, the main application should set `SecurityCheck.AccessLimiter` to `UnsafeAccessor.UnsafeAccessor(java.lang.String)`. The patch in version 1.7.0 fixes this issue. This issue has been backported to version 1.4.0, which is the release prior to 1.7.0. Therefore, if you are using 1.4.0 or prior, you need to patch to 1.7.0.

How to Patch shameless plug

If you are using shameless plug, the patch is easy. Download the bundle and replace it with the patched version.

CVE-2021-31138

When `SecurityCheck.AccessLimiter` is set up, the instance of UA can be accessed by `new UAccessor` and `UnsafeAccessor` instances. Therefore, the main application should always set up `SecurityCheck.AccessLimiter` when `UnsafeAccessor` is used. In addition, the main application should set `SecurityCheck.AccessLimiter` to `UnsafeAccessor.UnsafeAccessor(java.lang.String)`. The patch in version 1.7.0 fixes this issue and prevents a potential use-after-free vulnerability with UnsafeAccessor instances used by SecurityCheck implementations that have been patched by this change in 1.7.0.

Vulnerability Description

This patch addresses a potential security vulnerability that allows code injection. The problem is that the `SecurityCheck.AccessLimiter` instance is not set up in some cases when `UnsafeAccessor` is used. As a result, code can be injected, because the instance of `UnsafeAccessor` can still be accessed by new `UAccessor` and `UnsafeAccessor` instances. To fix this issue, `SecurityCheck.AccessLimiter` should always be set up when `UnsafeAccessor` is used.

CVE-2019-12811

In version 1.7.0 and prior, `SecurityCheck.AccessLimiter` is not set up when `UnsafeAccessor` is used by the main application. Because of this, there are security risks related to not setting up `SecurityCheck.AccessLimiter`. You should patch your application to include the fix in 1.7.0 so that your application will be secure as of release 1.7.0 or higher versions of the application.
