First published: Thu Jan 12 2023(Updated: )
An unspecified vulnerability in Java SE related to the Sound component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <11-openjdk-1:11.0.18.0.10-1.el7_9 | 11-openjdk-1:11.0.18.0.10-1.el7_9 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el7_9 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el7_9 |
redhat/java | <1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7 |
redhat/java | <17-openjdk-1:17.0.6.0.10-3.el8_7 | 17-openjdk-1:17.0.6.0.10-3.el8_7 |
redhat/java | <11-openjdk-1:11.0.18.0.10-2.el8_7 | 11-openjdk-1:11.0.18.0.10-2.el8_7 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7 | 1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7 |
redhat/java | <11-openjdk-1:11.0.18.0.10-1.el8_1 | 11-openjdk-1:11.0.18.0.10-1.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el8_1 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el8_1 |
redhat/java | <11-openjdk-1:11.0.18.0.10-1.el8_2 | 11-openjdk-1:11.0.18.0.10-1.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el8_2 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el8_2 |
redhat/java | <17-openjdk-1:17.0.6.0.10-2.el8_4 | 17-openjdk-1:17.0.6.0.10-2.el8_4 |
redhat/java | <11-openjdk-1:11.0.18.0.10-1.el8_4 | 11-openjdk-1:11.0.18.0.10-1.el8_4 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el8_4 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el8_4 |
redhat/java | <17-openjdk-1:17.0.6.0.10-2.el8_6 | 17-openjdk-1:17.0.6.0.10-2.el8_6 |
redhat/java | <11-openjdk-1:11.0.18.0.10-1.el8_6 | 11-openjdk-1:11.0.18.0.10-1.el8_6 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-1.el8_6 | 1.8.0-openjdk-1:1.8.0.362.b08-1.el8_6 |
redhat/java | <17-openjdk-1:17.0.6.0.10-3.el9_1 | 17-openjdk-1:17.0.6.0.10-3.el9_1 |
redhat/java | <11-openjdk-1:11.0.18.0.10-2.el9_1 | 11-openjdk-1:11.0.18.0.10-2.el9_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b09-2.el9_1 | 1.8.0-openjdk-1:1.8.0.362.b09-2.el9_1 |
redhat/java | <17-openjdk-1:17.0.6.0.10-2.el9_0 | 17-openjdk-1:17.0.6.0.10-2.el9_0 |
redhat/java | <11-openjdk-1:11.0.18.0.10-1.el9_0 | 11-openjdk-1:11.0.18.0.10-1.el9_0 |
redhat/java | <1.8.0-openjdk-1:1.8.0.362.b08-2.el9_0 | 1.8.0-openjdk-1:1.8.0.362.b08-2.el9_0 |
Oracle GraalVM | =20.3.8 | |
Oracle GraalVM | =21.3.4 | |
Oracle GraalVM | =22.3.0 | |
Oracle JDK | =1.8.0-update351 | |
Oracle JDK | =11.0.17 | |
Oracle JDK | =17.0.5 | |
Oracle JDK | =19.0.1 | |
Oracle JRE | =1.8.0-update351 | |
Oracle JRE | =11.0.17 | |
Oracle JRE | =17.0.5 | |
Oracle JRE | =19.0.1 | |
Azul Zulu | =6.51 | |
Azul Zulu | =7.57 | |
Azul Zulu | =8.66 | |
Azul Zulu | =11.60 | |
Azul Zulu | =13.52 | |
Azul Zulu | =15.44 | |
Azul Zulu | =17.38 | |
Azul Zulu | =19.30 | |
IBM Cognos Controller | <=11.0.0 - 11.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2023-21843 is an unspecified vulnerability in Java SE related to the Sound component that could allow a remote attacker to... (answer continued)
Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1.
Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0.
The severity of CVE-2023-21843 is low, with a severity value of 3.7.
To fix CVE-2023-21843, update to the latest version of Oracle Java SE or Oracle GraalVM Enterprise Edition as recommended by the vendor.
The CWE ID for CVE-2023-21843 is CWE-646.
More information about CVE-2023-21843 can be found at the following references: [Link 1](https://github.com/openjdk/jdk17u/commit/45650552132297f296648ffccaa9668888c6707d), [Link 2](https://github.com/openjdk/jdk11u/commit/b46279bb15ab187e60c71b400e4363548969445a), [Link 3](https://github.com/openjdk/jdk8u/commit/00dbe881f5fb7b74c93762ddd06a33a716f786ce).