CVE-2023-22045
First published: Mon Jul 10 2023(Updated: )
A flaw was found in the way the Hotspot component of OpenJDK handled array accesses in case of overflow in the index computation. This flaw could lead to an access at an invalid array position, leading to an out-of-bounds read vulnerability.
Credit: secalert_us@oracle.com secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Controller | <=11.0.0 - 11.0.1 | |
| debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.26+4-1~deb11u1 11.0.26+4-1 | |
| debian/openjdk-17 | 17.0.12+7-2~deb11u1 17.0.14+7-1~deb11u1 17.0.13+11-2~deb12u1 17.0.14+7-1~deb12u1 17.0.14+7-1 | |
| debian/openjdk-8 | 8u442-ga-2 | |
| Oracle GraalVM Enterprise Edition | =20.3.10 | |
| Oracle GraalVM Enterprise Edition | =21.3.6 | |
| Oracle GraalVM Enterprise Edition | =22.3.2 | |
| Oracle GraalVM for JDK | =17.0.7 | |
| Oracle GraalVM for JDK | =20.0.1 | |
| Oracle OpenJDK 1.8.0 | =1.8.0-update371 | |
| Oracle OpenJDK 1.8.0 | =1.8.0-update371 | |
| Oracle OpenJDK 1.8.0 | =11.0.19 | |
| Oracle OpenJDK 1.8.0 | =17.0.7 | |
| Oracle OpenJDK 1.8.0 | =20.0.1 | |
| Oracle JRE | =1.8.0-update371 | |
| Oracle JRE | =1.8.0-update371 | |
| Oracle JRE | =11.0.19 | |
| Oracle JRE | =17.0.7 | |
| Oracle JRE | =20.0.1 | |
| Debian | =10.0 | |
| Debian | =11.0 | |
| Debian | =12.0 | |
| NetApp 7-Mode Transition Tool | ||
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| NetApp Active IQ Unified Manager | ||
| NetApp Cloud Insights Acquisition Unit | ||
| NetApp Cloud Insights Storage Workload Security Agent | ||
| NetApp OnCommand Insight |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpujul2023.html
- https://security.netapp.com/advisory/ntap-20230725-0006/
- https://www.debian.org/security/2023/dsa-5458
- https://www.debian.org/security/2023/dsa-5478
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://launchpad.net/bugs/cve/CVE-2023-22045
- https://access.redhat.com/errata/RHSA-2023:4170
- https://access.redhat.com/errata/RHSA-2023:4171
- https://access.redhat.com/errata/RHSA-2023:4167
- https://access.redhat.com/errata/RHSA-2023:4168
- https://access.redhat.com/errata/RHSA-2023:4165
- https://access.redhat.com/errata/RHSA-2023:4162
- https://access.redhat.com/errata/RHSA-2023:4164
- https://access.redhat.com/errata/RHSA-2023:4173
- https://access.redhat.com/errata/RHSA-2023:4157
- https://access.redhat.com/errata/RHSA-2023:4169
- https://access.redhat.com/errata/RHSA-2023:4172
- https://access.redhat.com/errata/RHSA-2023:4163
- https://access.redhat.com/errata/RHSA-2023:4174
- https://access.redhat.com/errata/RHSA-2023:4209
- https://access.redhat.com/errata/RHSA-2023:4212
- https://access.redhat.com/errata/RHSA-2023:4161
- https://access.redhat.com/errata/RHSA-2023:4208
- https://access.redhat.com/errata/RHSA-2023:4210
- https://access.redhat.com/errata/RHSA-2023:4211
- https://access.redhat.com/errata/RHSA-2023:4177
- https://access.redhat.com/errata/RHSA-2023:4158
- https://access.redhat.com/errata/RHSA-2023:4176
- https://access.redhat.com/errata/RHSA-2023:4159
- https://access.redhat.com/errata/RHSA-2023:4175
- https://access.redhat.com/errata/RHSA-2023:4178
- https://access.redhat.com/errata/RHSA-2023:4166
- https://access.redhat.com/errata/RHSA-2023:4233
- https://access.redhat.com/security/cve/cve-2023-22045
- https://github.com/openjdk/jdk8u/commit/ec0818add7069be2fe3854edd1f3d2d7c8e07746
- https://github.com/openjdk/jdk11u/commit/5ba24640f6097262bdf6b4a32a7945c445f2246a
- https://github.com/openjdk/jdk17u/commit/a0846b4065bbd46420adceb912c4e29c74474f3f
- https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u381-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html
- https://www.oracle.com/java/technologies/javase/20-0-2-relnotes.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2221645
- https://www.ibm.com/support/pages/node/7177220 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045
- https://nvd.nist.gov/vuln/detail/CVE-2023-22045
- https://security-tracker.debian.org/tracker/CVE-2023-22045
- https://ubuntu.com/security/CVE-2023-22045
Frequently Asked Questions
What is the severity of CVE-2023-22045?
The severity of CVE-2023-22045 is low.
Which versions of Oracle Java SE are affected by CVE-2023-22045?
Oracle Java SE versions 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1 are affected by CVE-2023-22045.
Which versions of Oracle GraalVM Enterprise Edition are affected by CVE-2023-22045?
Oracle GraalVM Enterprise Edition versions 20.3.10, 21.3.6, 22.3.2 are affected by CVE-2023-22045.
Which versions of Oracle GraalVM for JDK are affected by CVE-2023-22045?
Oracle GraalVM for JDK versions 17.0.7, 20.0.1 are affected by CVE-2023-22045.
How can I fix CVE-2023-22045?
To fix CVE-2023-22045, update your Oracle Java SE version to a secure version provided by Oracle.
- collector/nvd-latest
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-22045
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/trending
- agent/source
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/tags
- collector/nvd-index
- agent/softwarecombine
- vendor/ibm
- canonical/ibm cognos controller
- version/ibm cognos controller/11.0.0 - 11.0.1
- package-manager/debian
- vendor/oracle
- canonical/oracle graalvm enterprise edition
- version/oracle graalvm enterprise edition/20.3.10
- version/oracle graalvm enterprise edition/21.3.6
- version/oracle graalvm enterprise edition/22.3.2
- canonical/oracle graalvm for jdk
- version/oracle graalvm for jdk/17.0.7
- version/oracle graalvm for jdk/20.0.1
- canonical/oracle openjdk 1.8.0
- version/oracle openjdk 1.8.0/1.8.0-update371
- version/oracle openjdk 1.8.0/11.0.19
- version/oracle openjdk 1.8.0/17.0.7
- version/oracle openjdk 1.8.0/20.0.1
- canonical/oracle jre
- version/oracle jre/1.8.0-update371
- version/oracle jre/11.0.19
- version/oracle jre/17.0.7
- version/oracle jre/20.0.1
- vendor/debian
- canonical/debian
- version/debian/10.0
- version/debian/11.0
- version/debian/12.0
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp active iq unified manager
- canonical/netapp cloud insights acquisition unit
- canonical/netapp cloud insights storage workload security agent
- canonical/netapp oncommand insight