What is CVE-2023-21843?

CVE-2023-21843 is an unspecified vulnerability in Java SE related to the Sound component that could allow a remote attacker to... (answer continued)

What versions of Oracle Java SE are affected by CVE-2023-21843?

Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1.

What versions of Oracle GraalVM Enterprise Edition are affected by CVE-2023-21843?

Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0.

What is the severity of CVE-2023-21843?

The severity of CVE-2023-21843 is low, with a severity value of 3.7.

How can I fix CVE-2023-21843?

To fix CVE-2023-21843, update to the latest version of Oracle Java SE or Oracle GraalVM Enterprise Edition as recommended by the vendor.

What is the Common Weakness Enumeration (CWE) ID for CVE-2023-21843?

The CWE ID for CVE-2023-21843 is CWE-646.

Where can I find more information about CVE-2023-21843?

More information about CVE-2023-21843 can be found at the following references: [Link 1](https://github.com/openjdk/jdk17u/commit/45650552132297f296648ffccaa9668888c6707d), [Link 2](https://github.com/openjdk/jdk11u/commit/b46279bb15ab187e60c71b400e4363548969445a), [Link 3](https://github.com/openjdk/jdk8u/commit/00dbe881f5fb7b74c93762ddd06a33a716f786ce).

Vulnerability/
CVE-2023-21843

low

3.7

CWE

646

12/1/2023

17/1/2023

17/1/2024

CVE-2023-21843

First published: Thu Jan 12 2023(Updated: )

An unspecified vulnerability in Java SE related to the Sound component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
redhat/java	<11-openjdk-1:11.0.18.0.10-1.el7_9	11-openjdk-1:11.0.18.0.10-1.el7_9
redhat/java	<1.8.0-openjdk-1:1.8.0.362.b08-1.el7_9	1.8.0-openjdk-1:1.8.0.362.b08-1.el7_9
redhat/java	<1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7	1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7
redhat/java	<17-openjdk-1:17.0.6.0.10-3.el8_7	17-openjdk-1:17.0.6.0.10-3.el8_7
redhat/java	<11-openjdk-1:11.0.18.0.10-2.el8_7	11-openjdk-1:11.0.18.0.10-2.el8_7
redhat/java	<1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7	1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7
redhat/java	<11-openjdk-1:11.0.18.0.10-1.el8_1	11-openjdk-1:11.0.18.0.10-1.el8_1
redhat/java	<1.8.0-openjdk-1:1.8.0.362.b08-1.el8_1	1.8.0-openjdk-1:1.8.0.362.b08-1.el8_1
redhat/java	<11-openjdk-1:11.0.18.0.10-1.el8_2	11-openjdk-1:11.0.18.0.10-1.el8_2
redhat/java	<1.8.0-openjdk-1:1.8.0.362.b08-1.el8_2	1.8.0-openjdk-1:1.8.0.362.b08-1.el8_2
redhat/java	<17-openjdk-1:17.0.6.0.10-2.el8_4	17-openjdk-1:17.0.6.0.10-2.el8_4
redhat/java	<11-openjdk-1:11.0.18.0.10-1.el8_4	11-openjdk-1:11.0.18.0.10-1.el8_4
redhat/java	<1.8.0-openjdk-1:1.8.0.362.b08-1.el8_4	1.8.0-openjdk-1:1.8.0.362.b08-1.el8_4
redhat/java	<17-openjdk-1:17.0.6.0.10-2.el8_6	17-openjdk-1:17.0.6.0.10-2.el8_6
redhat/java	<11-openjdk-1:11.0.18.0.10-1.el8_6	11-openjdk-1:11.0.18.0.10-1.el8_6
redhat/java	<1.8.0-openjdk-1:1.8.0.362.b08-1.el8_6	1.8.0-openjdk-1:1.8.0.362.b08-1.el8_6
redhat/java	<17-openjdk-1:17.0.6.0.10-3.el9_1	17-openjdk-1:17.0.6.0.10-3.el9_1
redhat/java	<11-openjdk-1:11.0.18.0.10-2.el9_1	11-openjdk-1:11.0.18.0.10-2.el9_1
redhat/java	<1.8.0-openjdk-1:1.8.0.362.b09-2.el9_1	1.8.0-openjdk-1:1.8.0.362.b09-2.el9_1
redhat/java	<17-openjdk-1:17.0.6.0.10-2.el9_0	17-openjdk-1:17.0.6.0.10-2.el9_0
redhat/java	<11-openjdk-1:11.0.18.0.10-1.el9_0	11-openjdk-1:11.0.18.0.10-1.el9_0
redhat/java	<1.8.0-openjdk-1:1.8.0.362.b08-2.el9_0	1.8.0-openjdk-1:1.8.0.362.b08-2.el9_0
IBM Cloud Pak for Business Automation	<=V23.0.1
IBM Cloud Pak for Business Automation	<=V21.0.3 - V21.0.3-IF022
IBM Cloud Pak for Business Automation	<=V22.0.2 - V22.0.2-IF006 and later fixesV22.0.1 - V22.0.1-IF006 and later fixesV21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes
Oracle GraalVM	=20.3.8
Oracle GraalVM	=21.3.4
Oracle GraalVM	=22.3.0
Oracle JDK	=1.8.0-update351
Oracle JDK	=11.0.17
Oracle JDK	=17.0.5
Oracle JDK	=19.0.1
Oracle JRE	=1.8.0-update351
Oracle JRE	=11.0.17
Oracle JRE	=17.0.5
Oracle JRE	=19.0.1
Azul Zulu	=6.51
Azul Zulu	=7.57
Azul Zulu	=8.66
Azul Zulu	=11.60
Azul Zulu	=13.52
Azul Zulu	=15.44
Azul Zulu	=17.38
Azul Zulu	=19.30

Remedy

https://www.oracle.com/security-alerts/cpujan2023.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-21843?
CVE-2023-21843 is an unspecified vulnerability in Java SE related to the Sound component that could allow a remote attacker to... (answer continued)
What versions of Oracle Java SE are affected by CVE-2023-21843?
Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1.
What versions of Oracle GraalVM Enterprise Edition are affected by CVE-2023-21843?
Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0.
What is the severity of CVE-2023-21843?
The severity of CVE-2023-21843 is low, with a severity value of 3.7.
How can I fix CVE-2023-21843?
To fix CVE-2023-21843, update to the latest version of Oracle Java SE or Oracle GraalVM Enterprise Edition as recommended by the vendor.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-21843?
The CWE ID for CVE-2023-21843 is CWE-646.
Where can I find more information about CVE-2023-21843?
More information about CVE-2023-21843 can be found at the following references: [Link 1](https://github.com/openjdk/jdk17u/commit/45650552132297f296648ffccaa9668888c6707d), [Link 2](https://github.com/openjdk/jdk11u/commit/b46279bb15ab187e60c71b400e4363548969445a), [Link 3](https://github.com/openjdk/jdk8u/commit/00dbe881f5fb7b74c93762ddd06a33a716f786ce).

collector/redhat-cve
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-21843
agent/type
agent/severity
agent/remedy
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/event
agent/author
agent/last-modified-date
agent/references
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
collector/nvd-index
package-manager/redhat
vendor/ibm
canonical/ibm cloud pak for business automation
version/ibm cloud pak for business automation/v23.0.1
version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if022
version/ibm cloud pak for business automation/v22.0.2 - v22.0.2-if006 and later fixesv22.0.1 - v22.0.1-if006 and later fixesv21.0.2 - v21.0.2-if012 and later fixesv21.0.1 - v21.0.1-if007 and later fixesv20.0.1 - v20.0.3 and later fixesv19.0.1 - v19.0.3 and later fixesv18.0.0 - v18.0.2 and later fixes
vendor/oracle
canonical/oracle graalvm
version/oracle graalvm/20.3.8
version/oracle graalvm/21.3.4
version/oracle graalvm/22.3.0
canonical/oracle jdk
version/oracle jdk/1.8.0-update351
version/oracle jdk/11.0.17
version/oracle jdk/17.0.5
version/oracle jdk/19.0.1
canonical/oracle jre
version/oracle jre/1.8.0-update351
version/oracle jre/11.0.17
version/oracle jre/17.0.5
version/oracle jre/19.0.1
vendor/azul
canonical/azul zulu
version/azul zulu/6.51
version/azul zulu/7.57
version/azul zulu/8.66
version/azul zulu/11.60
version/azul zulu/13.52
version/azul zulu/15.44
version/azul zulu/17.38
version/azul zulu/19.30