REDHAT-BUG-2221645
First published: Mon Jul 10 2023(Updated: )
A flaw was found in the way the Hotspot component of OpenJDK handled array accesses in case of overflow in the index computation. This flaw could lead to an access at an invalid array position, leading to an out-of-bounds read vulnerability.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2023:4170
- https://access.redhat.com/errata/RHSA-2023:4171
- https://access.redhat.com/errata/RHSA-2023:4167
- https://access.redhat.com/errata/RHSA-2023:4168
- https://access.redhat.com/errata/RHSA-2023:4165
- https://access.redhat.com/errata/RHSA-2023:4162
- https://access.redhat.com/errata/RHSA-2023:4164
- https://access.redhat.com/errata/RHSA-2023:4173
- https://access.redhat.com/errata/RHSA-2023:4157
- https://access.redhat.com/errata/RHSA-2023:4169
- https://access.redhat.com/errata/RHSA-2023:4172
- https://access.redhat.com/errata/RHSA-2023:4163
- https://access.redhat.com/errata/RHSA-2023:4174
- https://access.redhat.com/errata/RHSA-2023:4209
- https://access.redhat.com/errata/RHSA-2023:4212
- https://access.redhat.com/errata/RHSA-2023:4161
- https://access.redhat.com/errata/RHSA-2023:4208
- https://access.redhat.com/errata/RHSA-2023:4210
- https://access.redhat.com/errata/RHSA-2023:4211
- https://access.redhat.com/errata/RHSA-2023:4177
- https://access.redhat.com/errata/RHSA-2023:4158
- https://access.redhat.com/errata/RHSA-2023:4176
- https://access.redhat.com/errata/RHSA-2023:4159
- https://access.redhat.com/errata/RHSA-2023:4175
- https://access.redhat.com/errata/RHSA-2023:4178
- https://access.redhat.com/errata/RHSA-2023:4166
- https://access.redhat.com/errata/RHSA-2023:4233
- https://access.redhat.com/security/cve/cve-2023-22045
- https://github.com/openjdk/jdk8u/commit/ec0818add7069be2fe3854edd1f3d2d7c8e07746
- https://github.com/openjdk/jdk11u/commit/5ba24640f6097262bdf6b4a32a7945c445f2246a
- https://github.com/openjdk/jdk17u/commit/a0846b4065bbd46420adceb912c4e29c74474f3f
- https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u381-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html
- https://www.oracle.com/java/technologies/javase/20-0-2-relnotes.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2221645
Frequently Asked Questions
What is the severity of REDHAT-BUG-2221645?
The severity of REDHAT-BUG-2221645 is considered medium due to the potential for out-of-bounds read vulnerabilities.
How do I fix REDHAT-BUG-2221645?
To fix REDHAT-BUG-2221645, apply the recommended patches or updates provided by the OpenJDK maintainers.
Which versions of OpenJDK are affected by REDHAT-BUG-2221645?
All versions of OpenJDK that include the vulnerable Hotspot component are affected by REDHAT-BUG-2221645.
Is there a workaround for REDHAT-BUG-2221645?
A definitive workaround for REDHAT-BUG-2221645 is to avoid using features that rely on the vulnerable array index accesses.
How does REDHAT-BUG-2221645 impact application security?
REDHAT-BUG-2221645 may lead to unauthorized data access through out-of-bounds reads, compromising application security.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-22045
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openjdk
- canonical/openjdk