First published: Thu Jan 12 2023
An unspecified flaw was found in the way the Serialization component of OpenJDK deserializes data from serialized input. Untrusted Java code (an application or applet running under the Java sandbox) could use this flaw to bypass Java sandbox restrictions; the flaw is in the deserialization of untrusted input, so the exposure is highest wherever the JVM reads serialized objects it did not produce itself.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el7_9 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el7_9 |
redhat/java | <1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7 | 1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el8_1 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el8_2 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el8_4 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el8_4 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el8_6 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el8_6 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b09-2.el9_1 | 1.8.0-openjdk-1:1.8.0.362.b09-2.el9_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-2.el9_0 | 1.8.0-openjdk-1:1.8.0.362.b08-2.el9_0 |
Oracle Communications Unified Assurance | >=5.5.0<=5.5.17 | |
Oracle Communications Unified Assurance | >=6.0.0<=6.0.2 | |
Oracle GraalVM | =20.3.8 | |
Oracle GraalVM | =21.3.4 | |
Oracle GraalVM | =22.3.0 | |
Oracle JDK | =1.8.0-update351 | |
Oracle JDK | =11.0.17 | |
Oracle JDK | =17.0.5 | |
Oracle JDK | =19.0.1 | |
Oracle JRE | =1.8.0-update351 | |
Oracle JRE | =11.0.17 | |
Oracle JRE | =17.0.5 | |
Oracle JRE | =19.0.1 | |
Azul Zulu | =6.51 | |
Azul Zulu | =7.57 | |
Azul Zulu | =8.66 | |
IBM Security Guardium | <=10.6 | |
IBM Security Guardium | <=11.3 | |
IBM Security Guardium | <=11.4 | |
IBM Security Guardium | <=11.5 | |
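The Red Hat rows above are only useful if the installed package is compared the way rpm compares it: epoch first, then version, then release, with the fixed build chosen by the host's dist tag (the el8_7 fix is b09-2, while el8_6 is b08-1, so a plain string or float comparison gets this wrong). The following is an added example, not code from the advisory or from Red Hat: it re-implements rpm's rpmvercmp ordering in pure Python (omitting only the `~`/`^` special cases, which none of these versions use), parses the "How to fix" entries from the table, and reports whether an installed EVR is at or above the fixed build for its release. The package names (`java-1.8.0-openjdk`, `java-1.8.0-ibm`) and the sample rpm output are assumptions and constructed data, not real inventory.

```python
"""Compare installed java-1.8.0-* RPMs against the fixed builds in the CVE-2023-21830 table.

Added example, not part of the advisory.  Input is the output of (assumed usage):
    rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\\n' java-1.8.0-openjdk
"""
import re

# Fixed builds copied from the advisory table's "How to fix" column.
FIXED_BUILDS = [
    "1.8.0-openjdk-1:1.8.0.362.b08-1.el7_9",
    "1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7",
    "1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7",
    "1.8.0-openjdk-1:1.8.0.362.b08-1.el8_1",
    "1.8.0-openjdk-1:1.8.0.362.b08-1.el8_2",
    "1.8.0-openjdk-1:1.8.0.362.b08-1.el8_4",
    "1.8.0-openjdk-1:1.8.0.362.b08-1.el8_6",
    "1.8.0-openjdk-1:1.8.0.362.b09-2.el9_1",
    "1.8.0-openjdk-1:1.8.0.362.b08-2.el9_0",
]

_FIXED_RE = re.compile(r"^(?P<name>.+?)-(?P<epoch>\d+):(?P<ver>[^-]+)-(?P<rel>.+)$")
_EVR_RE = re.compile(r"^(?:(?P<epoch>\d+|\(none\)):)?(?P<ver>[^-]+)-(?P<rel>.+)$")
_DIST_RE = re.compile(r"\.(el\d+(?:_\d+)?)")


def parse_fixed(entry):
    """'1.8.0-openjdk-1:1.8.0.362.b08-1.el7_9' -> ('java-1.8.0-openjdk', (1, '1.8.0.362.b08', '1.el7_9')).
    The 'java-' prefix is an assumption about the RPM name behind the table's 'redhat/java' rows."""
    m = _FIXED_RE.match(entry)
    if not m:
        raise ValueError(f"unparseable fixed-version entry: {entry!r}")
    return "java-" + m["name"], (int(m["epoch"]), m["ver"], m["rel"])


def parse_evr(evr):
    """'1:1.8.0.352.b08-2.el8_6' -> (1, '1.8.0.352.b08', '2.el8_6'); a missing or '(none)' epoch is 0."""
    m = _EVR_RE.match(evr)
    if not m:
        raise ValueError(f"unparseable EVR: {evr!r}")
    epoch = m["epoch"]
    return (0 if epoch in (None, "(none)") else int(epoch), m["ver"], m["rel"])


def rpmvercmp(a, b):
    """rpm's segment-wise ordering: split into digit runs and letter runs, compare digit runs
    numerically (so b09 > b08 and 362 > 352), letters lexically, digits beat letters, and the
    string with segments left over is newer.  '~' and '^' handling is deliberately omitted."""
    if a == b:
        return 0
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def evrcmp(x, y):
    """Epoch decides first (an epoch-less package is older than any epoch-1 build), then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def dist_tag(release):
    m = _DIST_RE.search(release)
    return m.group(1) if m else None


def is_fixed(package, installed_evr):
    """Return (fixed?, table entry) using the fixed build for this package's own dist tag.
    Raise LookupError when the table lists nothing for that tag; the caller must not treat that as safe."""
    inst = parse_evr(installed_evr)
    tag = dist_tag(inst[2])
    for entry in FIXED_BUILDS:
        name, fixed = parse_fixed(entry)
        if name == package and dist_tag(fixed[2]) == tag:
            return evrcmp(inst, fixed) >= 0, entry
    raise LookupError(f"no fixed build listed for {package} on {tag}")


def report(rpm_output):
    """Classify each 'NAME EVR' line as 'fixed', 'VULNERABLE' or 'unknown' (dist tag not in the table)."""
    results = []
    for line in rpm_output.splitlines():
        if not line.strip():
            continue
        name, evr = line.split()
        try:
            ok, entry = is_fixed(name, evr)
            results.append((name, evr, "fixed" if ok else "VULNERABLE", entry))
        except LookupError as exc:
            results.append((name, evr, "unknown", str(exc)))
    return results


# Constructed sample output for three hypothetical hosts (not real data): an old 8.6 build,
# the el8_6 fix installed on an 8.7 host (still below the el8_7 fix), and a patched 9.1 host.
SAMPLE_RPM_OUTPUT = """java-1.8.0-openjdk 1:1.8.0.352.b08-2.el8_6
java-1.8.0-openjdk 1:1.8.0.362.b08-1.el8_7
java-1.8.0-openjdk 1:1.8.0.362.b09-2.el9_1
"""

if __name__ == "__main__":
    for name, evr, status, detail in report(SAMPLE_RPM_OUTPUT):
        print(f"{status:10} {name} {evr}  ({detail})")
```

The second sample host is the case worth noticing: 1.8.0.362.b08-1 is the fixed build for RHEL 8.6 but not for 8.7, where the fix is 1.8.0.362.b09-2, so the check keys on the dist tag rather than on the version alone. A dist tag with no table entry is reported as unknown, not as fixed.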
The vulnerability ID for this issue is CVE-2023-21830.
This vulnerability affects the Serialization component of Java SE. As the description above states, the risk is a sandbox bypass by untrusted code, so it matters most for deployments that run untrusted Java code under the sandbox (for example sandboxed applets or Java Web Start applications) or that deserialize input they do not control.
The severity of CVE-2023-21830 is medium, with a CVSS score of 5.3.
Oracle's advisory lists the affected versions as Oracle Java SE 8u351 and 8u351-perf, and Oracle GraalVM Enterprise Edition 20.3.8 and 21.3.4; the table above additionally carries version ranges aggregated from other vendors' advisories (Red Hat, Azul, IBM), so check the advisory of the vendor whose build you run.
To fix this vulnerability, update Oracle Java SE or GraalVM Enterprise Edition to the versions recommended by Oracle, or, for the Red Hat packages, to the builds in the "How to fix" column above for your release.