REDHAT-BUG-2187758
First published: Tue Apr 18 2023(Updated: )
It was discovered that the implementation of ProcesBuilder in the Libraries component of OpenJDK did not correctly process NULL characters in command name attributes. This could lead to manipulation of command arguments when executing processes with arguments from untrusted sources.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK 17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/openjdk/jdk8u/commit/a7fbe33ffece7c28c9808fcc631c2d4db4a59757
- https://github.com/openjdk/jdk11u/commit/2d806d0e2f034b24987407a36bb8e246b1734927
- https://github.com/openjdk/jdk17u/commit/28958abd0ea9c6296d140d04d0615b99da9370a5
- https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u371-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-19-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-7-relnotes.html
- https://www.oracle.com/java/technologies/javase/20-0-1-relnotes.html
- https://access.redhat.com/errata/RHSA-2023:1875
- https://access.redhat.com/errata/RHSA-2023:1877
- https://access.redhat.com/errata/RHSA-2023:1878
- https://access.redhat.com/errata/RHSA-2023:1879
- https://access.redhat.com/errata/RHSA-2023:1880
- https://access.redhat.com/errata/RHSA-2023:1883
- https://access.redhat.com/errata/RHSA-2023:1882
- https://access.redhat.com/errata/RHSA-2023:1885
- https://access.redhat.com/errata/RHSA-2023:1884
- https://access.redhat.com/errata/RHSA-2023:1889
- https://access.redhat.com/errata/RHSA-2023:1890
- https://access.redhat.com/errata/RHSA-2023:1891
- https://access.redhat.com/errata/RHSA-2023:1892
- https://access.redhat.com/errata/RHSA-2023:1895
- https://access.redhat.com/errata/RHSA-2023:1898
- https://access.redhat.com/errata/RHSA-2023:1899
- https://access.redhat.com/errata/RHSA-2023:1900
- https://access.redhat.com/errata/RHSA-2023:1904
- https://access.redhat.com/errata/RHSA-2023:1911
- https://access.redhat.com/errata/RHSA-2023:1905
- https://access.redhat.com/errata/RHSA-2023:1906
- https://access.redhat.com/errata/RHSA-2023:1909
- https://access.redhat.com/errata/RHSA-2023:1908
- https://access.redhat.com/errata/RHSA-2023:1910
- https://access.redhat.com/errata/RHSA-2023:1907
- https://access.redhat.com/errata/RHSA-2023:1912
- https://access.redhat.com/errata/RHSA-2023:1903
- https://access.redhat.com/security/cve/cve-2023-21938
- https://access.redhat.com/errata/RHSA-2023:4103
- https://access.redhat.com/errata/RHSA-2023:4160
- https://bugzilla.redhat.com/show_bug.cgi?id=2187758
Frequently Asked Questions
What is the severity of REDHAT-BUG-2187758?
The severity of REDHAT-BUG-2187758 is considered high due to its potential to manipulate command arguments from untrusted sources.
How do I fix REDHAT-BUG-2187758?
To fix REDHAT-BUG-2187758, you should upgrade to the latest patched version of OpenJDK.
What systems are affected by REDHAT-BUG-2187758?
REDHAT-BUG-2187758 affects implementations of OpenJDK, specifically OpenJDK 17.
What are the risks associated with REDHAT-BUG-2187758?
The risks associated with REDHAT-BUG-2187758 include potential arbitrary command execution due to improper handling of NULL characters.
Is there a workaround for REDHAT-BUG-2187758?
There is no official workaround for REDHAT-BUG-2187758; upgrading to a patched version is recommended.
- agent/type
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-21938
- agent/first-publish-date
- agent/source
- agent/description
- agent/severity
- agent/references
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/openjdk 17