REDHAT-BUG-2075849
First published: Fri Apr 15 2022(Updated: )
Inconsistencies were found in the way the java.net.URI and com.sun.jndi.toolkit.url.URI classes in the JNDI component of OpenJDK parsed URI strings. These inconsistencies could be used to make a Java application accept invalid or malformed URI strings. Parsing of URL strings in built-in JNDI providers were made more strict as part of the fix. For more information, see the following release notes for Oracle JDK 7u341, 8u331, 11.0.15, 17.0.3, 18.0.1: <a href="https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#JDK-8278972">https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#JDK-8278972</a> <a href="https://www.oracle.com/java/technologies/javase/8u331-relnotes.html#JDK-8278972">https://www.oracle.com/java/technologies/javase/8u331-relnotes.html#JDK-8278972</a> <a href="https://www.oracle.com/java/technologies/javase/11-0-15-relnotes.html#JDK-8278972">https://www.oracle.com/java/technologies/javase/11-0-15-relnotes.html#JDK-8278972</a> <a href="https://www.oracle.com/java/technologies/javase/17-0-3-relnotes.html#JDK-8278972">https://www.oracle.com/java/technologies/javase/17-0-3-relnotes.html#JDK-8278972</a> <a href="https://www.oracle.com/java/technologies/javase/18-0-1-relnotes.html#JDK-8278972">https://www.oracle.com/java/technologies/javase/18-0-1-relnotes.html#JDK-8278972</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle OpenJDK 1.8.0 | ||
| OpenJDK JNDI |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#JDK-8278972
- https://www.oracle.com/java/technologies/javase/8u331-relnotes.html#JDK-8278972
- https://www.oracle.com/java/technologies/javase/11-0-15-relnotes.html#JDK-8278972
- https://www.oracle.com/java/technologies/javase/17-0-3-relnotes.html#JDK-8278972
- https://www.oracle.com/java/technologies/javase/18-0-1-relnotes.html#JDK-8278972
- https://access.redhat.com/errata/RHSA-2022:1443
- https://access.redhat.com/errata/RHSA-2022:1444
- https://access.redhat.com/errata/RHSA-2022:1441
- https://access.redhat.com/errata/RHSA-2022:1445
- https://github.com/openjdk/jdk17u/commit/a61b441176f86a8eb3125e997f4c827fe920bec4
- https://github.com/openjdk/jdk11u/commit/666f21fe139873e877a3b2e05e46437b96e552e7
- http://hg.openjdk.java.net/jdk8u/monojdk8u/rev/a29e720c80d4
- https://access.redhat.com/errata/RHSA-2022:1442
- https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2022:1440
- https://access.redhat.com/errata/RHSA-2022:1487
- https://access.redhat.com/errata/RHSA-2022:1488
- https://access.redhat.com/errata/RHSA-2022:1489
- https://access.redhat.com/errata/RHSA-2022:1490
- https://access.redhat.com/errata/RHSA-2022:1491
- https://access.redhat.com/errata/RHSA-2022:1492
- https://access.redhat.com/errata/RHSA-2022:1438
- https://access.redhat.com/errata/RHSA-2022:1435
- https://access.redhat.com/errata/RHSA-2022:1439
- https://access.redhat.com/errata/RHSA-2022:1436
- https://access.redhat.com/errata/RHSA-2022:1437
- https://access.redhat.com/security/cve/cve-2022-21496
- https://access.redhat.com/errata/RHSA-2022:2137
- https://access.redhat.com/errata/RHSA-2022:1729
- https://access.redhat.com/errata/RHSA-2022:1728
- https://access.redhat.com/errata/RHSA-2022:4957
- https://access.redhat.com/errata/RHSA-2022:4959
- https://access.redhat.com/errata/RHSA-2022:5837
- https://bugzilla.redhat.com/show_bug.cgi?id=2075849
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-21496
- agent/type
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle openjdk 1.8.0
- vendor/openjdk
- canonical/openjdk jndi