- Vulnerability/
- USN-6272-1
USN-6272-1: OpenJDK 20 vulnerabilities
First published: Thu Aug 03 2023(Updated: )
Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-22006) Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-22036) David Stancu discovered that OpenJDK 20 had a flaw in the AES cipher implementation. An attacker could possibly use this issue to obtain sensitive information. (CVE-2023-22041) Zhiqiang Zang discovered that OpenJDK 20 incorrectly handled array accesses when using the binary '%' operator. An attacker could possibly use this issue to obtain sensitive information. (CVE-2023-22044) Zhiqiang Zang discovered that OpenJDK 20 incorrectly handled array accesses. An attacker could possibly use this issue to obtain sensitive information. (CVE-2023-22045) It was discovered that OpenJDK 20 incorrectly sanitized URIs strings. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-22049) It was discovered that OpenJDK 20 incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-25193)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/openjdk-20-jre | <20.0.2+9+ds1-0ubuntu1~23.04 | 20.0.2+9+ds1-0ubuntu1~23.04 |
| =23.04 | ||
| All of | ||
| ubuntu/openjdk-20-jre-zero | <20.0.2+9+ds1-0ubuntu1~23.04 | 20.0.2+9+ds1-0ubuntu1~23.04 |
| =23.04 | ||
| All of | ||
| ubuntu/openjdk-20-jre-headless | <20.0.2+9+ds1-0ubuntu1~23.04 | 20.0.2+9+ds1-0ubuntu1~23.04 |
| =23.04 | ||
| All of | ||
| ubuntu/openjdk-20-jdk | <20.0.2+9+ds1-0ubuntu1~23.04 | 20.0.2+9+ds1-0ubuntu1~23.04 |
| =23.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-22044
- https://ubuntu.com/security/CVE-2023-22045
- https://ubuntu.com/security/CVE-2023-25193
- https://ubuntu.com/security/CVE-2023-22041
- https://ubuntu.com/security/CVE-2023-22036
- https://ubuntu.com/security/CVE-2023-22049
- https://ubuntu.com/security/CVE-2023-22006
- https://ubuntu.com/security/notices/USN-6263-1
- https://launchpad.net/ubuntu/+source/openjdk-20/20.0.2+9+ds1-0ubuntu1~23.04
- https://ubuntu.com/security/notices/USN-6272-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this OpenJDK vulnerability?
The vulnerability ID for this OpenJDK vulnerability is CVE-2023-22006.
What is the impact of this vulnerability?
This vulnerability could allow an attacker to insert, edit, or obtain sensitive information.
What version of OpenJDK is affected?
OpenJDK version 20.0.2+9+ds1-0ubuntu1~23.04 is affected.
How can I fix this vulnerability?
To fix this vulnerability, update to OpenJDK version 20.0.2+9+ds1-0ubuntu1~23.04 or higher.
Are there any additional references for this vulnerability?
Yes, you can find additional references for this vulnerability at the following URLs: [https://ubuntu.com/security/CVE-2023-22044](https://ubuntu.com/security/CVE-2023-22044), [https://ubuntu.com/security/CVE-2023-22045](https://ubuntu.com/security/CVE-2023-22045), [https://ubuntu.com/security/CVE-2023-25193](https://ubuntu.com/security/CVE-2023-25193).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6263-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04