REDHAT-BUG-2187441
First published: Mon Apr 17 2023(Updated: )
A flaw was found in the object reclamation process of the Hotspot JVM garbage collector in the way it enqueued references. An untrusted Java application or applet could use this flaw to possibly bypass Java sandbox restrictions and access sensitive information.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Java |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/openjdk/jdk8u/commit/1a42e35729d1a0b049a13b762b0cbb4f046081ea
- https://github.com/openjdk/jdk11u/commit/780327d1de4fee3e77c3e48018908bf0c3fcd55a
- https://github.com/openjdk/jdk17u/commit/dfded6daaafb3a517bac6a07bcb4ec40db4a4a2e
- https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u371-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-19-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-7-relnotes.html
- https://access.redhat.com/errata/RHSA-2023:1875
- https://access.redhat.com/errata/RHSA-2023:1877
- https://access.redhat.com/errata/RHSA-2023:1878
- https://access.redhat.com/errata/RHSA-2023:1879
- https://access.redhat.com/errata/RHSA-2023:1880
- https://access.redhat.com/errata/RHSA-2023:1883
- https://access.redhat.com/errata/RHSA-2023:1882
- https://access.redhat.com/errata/RHSA-2023:1885
- https://access.redhat.com/errata/RHSA-2023:1884
- https://access.redhat.com/errata/RHSA-2023:1889
- https://access.redhat.com/errata/RHSA-2023:1890
- https://access.redhat.com/errata/RHSA-2023:1891
- https://access.redhat.com/errata/RHSA-2023:1892
- https://access.redhat.com/errata/RHSA-2023:1895
- https://access.redhat.com/errata/RHSA-2023:1898
- https://access.redhat.com/errata/RHSA-2023:1899
- https://access.redhat.com/errata/RHSA-2023:1900
- https://access.redhat.com/errata/RHSA-2023:1904
- https://access.redhat.com/errata/RHSA-2023:1911
- https://access.redhat.com/errata/RHSA-2023:1905
- https://access.redhat.com/errata/RHSA-2023:1906
- https://access.redhat.com/errata/RHSA-2023:1909
- https://access.redhat.com/errata/RHSA-2023:1908
- https://access.redhat.com/errata/RHSA-2023:1910
- https://access.redhat.com/errata/RHSA-2023:1907
- https://access.redhat.com/errata/RHSA-2023:1912
- https://access.redhat.com/errata/RHSA-2023:1903
- https://access.redhat.com/security/cve/cve-2023-21954
- https://bugzilla.redhat.com/show_bug.cgi?id=2187441
Frequently Asked Questions
What is the severity of REDHAT-BUG-2187441?
The severity of REDHAT-BUG-2187441 is considered to be high due to the potential for bypassing Java sandbox restrictions.
How do I fix REDHAT-BUG-2187441?
To fix REDHAT-BUG-2187441, it is recommended to update to the latest version of Oracle Java that addresses this vulnerability.
Which versions of Java are affected by REDHAT-BUG-2187441?
REDHAT-BUG-2187441 affects multiple versions of Oracle Java, particularly those with the flawed garbage collector implementation.
Who is affected by REDHAT-BUG-2187441?
Any users or organizations running untrusted Java applications or applets on affected versions of Oracle Java may be impacted by REDHAT-BUG-2187441.
What types of attacks can REDHAT-BUG-2187441 facilitate?
REDHAT-BUG-2187441 may facilitate attacks that allow untrusted applications to access sensitive information by bypassing Java security restrictions.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-21954
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/java