Details of VAR-202204-0593

ID

VAR-202204-0593

CVE

CVE-2022-21426

TITLE

Red Hat Security Advisory 2022-2218-01

Trust: 0.1

sources: PACKETSTORM: 167140

DESCRIPTION

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21443). Solution: For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2334 - [release-5.3] Events listing out of order in Kibana 6.8.1 LOG-2450 - http.max_header_size set to 128kb causes communication with elasticsearch to stop working LOG-2481 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.3] 6. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: RHSA-2022:2137-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2137 Issue date: 2022-05-17 CVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ===================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security Fix(es): * OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972) 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: java-1.8.0-openjdk-1.8.0.332.b09-1.el9_0.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.332.b09-1.el9_0.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el9_0.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el9_0.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.332.b09-1.el9_0.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el9_0.s390x.rpm java-1.8.0-openjdk-src-1.8.0.332.b09-1.el9_0.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.332.b09-1.el9_0.x86_64.rpm Red Hat CodeReady Linux Builder (v. 9): aarch64: java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el9_0.aarch64.rpm ppc64le: java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el9_0.ppc64le.rpm x86_64: java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYpn+ltzjgjWX9erEAQiJqBAAhLJxcSr28fL1Ob1ydp995JImoSLrd79m 6pAP+1cmWkok9p7GORpLUaIadDftEk3juSm4poPAQ0eKE+dFzJWB+XHmOS0YvEab kc8v+LZqTrKpkLup3opMOtFQdW/y7gkaLccu9ww9bpjkwSGd8e5cMx0pp3TiY0vf VzLaB0xY6UrqaU5HrRTJYtKTO/ftzYlia+KQEg4JPMO00c6d8iPOj7a3KSRuYPtb gVqmrFTSPh4ES67hg03KEQcsn6/Sst0nM6ne0VhPYcU5hLCMowrOlqqHhm3qfbAm +XctTiYcMZpbcWdWeIoou4AaGJ76yoHGS74iCBBACD3EZnI4Rao5QbjFTlPPdSYb x070Gk+NoTjfg/Y2XMKJg/Fx6GZb8yShu9r6RBnqFA6em+r4sR09IHVGCM6HIuz0 g+uOiVZJ0G+LKk3W2O0CgJlEX9eJOxBYtmp+PUfzwDvs6/9LwtRGGMZ1oCyijd4e jNmKBMEVk7GyVI279Mhe58t2EJyGbwXzLTR4myP/vjGWT2u5e3Nf09BRWux6e+Bv 6JpraVXbqaMBylCHj5rVO1PbzBsDN0JgWTaCqh7C2QQs9fSvvnem28Z+7OWvneYq bN46Scujx6ueXc3UaLNj6wFO0bmp7LIr4S9wFFS0k0VO8ZdIhM1a01a4wcTjcbeE 62Hnl63pgPY= =Mfpt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - aarch64, ppc64le, s390x, x86_64 3. ========================================================================= Ubuntu Security Notice USN-5546-2 August 04, 2022 openjdk-8 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in OpenJDK 8. Software Description: - openjdk-8: Open Source Java implementation Details: USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21476) It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept invalid of malformed URI strings. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21496) It was discovered that OpenJDK incorrectly generated class code in the Hotspot component. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21540) It was dicovered that OpenJDK incorrectly restricted access to the invokeBasic() method in the Hotspot component. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2022-21541) It was discovered that OpenJDK incorrectly computed exponentials. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17. (CVE-2022-21549) It was discovered that OpenJDK includes a copy of Xalan that incorrectly handled integer truncation. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-34169) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: openjdk-8-jdk 8u342-b07-0ubuntu1~16.04 openjdk-8-jre 8u342-b07-0ubuntu1~16.04 openjdk-8-jre-headless 8u342-b07-0ubuntu1~16.04 openjdk-8-jre-zero 8u342-b07-0ubuntu1~16.04 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5546-2 https://ubuntu.com/security/notices/USN-5546-1 CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169 . For the stable distribution (bullseye), these problems have been fixed in version 17.0.3+7-1~deb11u1. We recommend that you upgrade your openjdk-17 packages. For the detailed security status of openjdk-17 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-17 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJxl3wACgkQEMKTtsN8 Tja/zg/7BeUmTL3RGbn6PBexYoRYRGd5TIgkjajpMhKJfgMJezJ95sDP1jKZmZ7W 5W7R3iqBYUIjJl+wcoDpSN2HyApXNUkLTMeTbNgJCwipJwk4LG79zcXLxAtBqmJl hKt8ij5V4wQiou1NDhTYpGdLLQUQ8wQEX05veO5U80KYuMc2TzvRwsjzzAF1K3WM zEKV8HJ3SLJcnb24s2PLpoPZLaWerJurcUwQG01OJVlp4smvuBzw1imExMOG5P9D iX9CogACSoupamHCkpInajxtvzLx/Kb39obHOVIJmYlVJif9Vt4XMd+IRFv1ZiWK bvmsexifgn96D2Qc9uoHMKanMsqb5bjN+jtyRSq/BRpADManyU9O0NPFAxuqkBk2 Zj1YiljDHTHdMmp/lnpMZA8Zxnm7JVQlNxxvrBsLttiEhytCkhAxBOzprXg00yoH HQaRiOsPCDUTlvS73V3e5QfqTjWihUHiIwprxzL0nVIq7gZfwDs7/80QPZjm/yPK OwOLGSobA2J/iyEG5VlLEaxyOBeyAfw5uMR5iHe0TKofyxBXFdSo69/oYDB8CVYp ncJxX9e32EIrB/4aqCM9r/nVhos4QdwDfJIWncQVooQQisPd8zXLccSi9PkFxFQS k4BnXv70QlIq9PnWi209kPyaU3TcQwEYRjZJBZqYRESaHLLnPGw= =O0QV -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2022-21426 // VULHUB: VHN-407039 // VULMON: CVE-2022-21426 // PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 167980 // PACKETSTORM: 166903 // PACKETSTORM: 167378 // PACKETSTORM: 166800 // PACKETSTORM: 167979 // PACKETSTORM: 169256

AFFECTED PRODUCTS

vendor:	oracle	model:	jre	scope:	eq	version:	18	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	netapp	model:	santricity unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	17.32	Trust: 1.0
vendor:	netapp	model:	cloud insights acquisition unit	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	11.0.14	Trust: 1.0
vendor:	netapp	model:	solidfire\, enterprise sds \& hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	17.0.2	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	22.0.0.2	Trust: 1.0
vendor:	netapp	model:	cloud secure agent	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity storage manager	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	11.54	Trust: 1.0
vendor:	netapp	model:	7-mode transition tool	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	solidfire \& hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	15.38	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	13.46	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	18	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	20.3.5	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	21.3.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	11.70.1	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	6.45	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	11.0.14	Trust: 1.0
vendor:	netapp	model:	e-series santricity web services	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	18.28	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	17.0.2	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	7.52	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	8.60	Trust: 1.0

sources: NVD: CVE-2022-21426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21426
value:	MEDIUM
Trust: 1.0
secalert_us@oracle.com:	CVE-2022-21426
value:	MEDIUM
Trust: 1.0
VULHUB:	VHN-407039
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-21426
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-21426
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-407039
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

secalert_us@oracle.com:	CVE-2022-21426
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-407039 // VULMON: CVE-2022-21426 // NVD: CVE-2022-21426 // NVD: CVE-2022-21426

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-21426

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 167980 // PACKETSTORM: 167979

TYPE

info disclosure

Trust: 0.1

sources: PACKETSTORM: 169256

PATCH

title:	Red Hat:	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-21426	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-21426	Trust: 0.1
title:	Red Hat: Moderate: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20233136 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: USN-5388-1: OpenJDK vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5388-1	Trust: 0.1
title:	Ubuntu Security Notice: USN-5388-2: OpenJDK vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5388-2	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221487 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221442 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221440 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221488 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 8u332 Windows builds release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221492 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221441 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 11.0.15 security update for Portable Linux Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221435 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221444 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 11.0.15 security update for Windows Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221439 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 8u332 security update for Portable Linux Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221438 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221490 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221491 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221489 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221728 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222137 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221443 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 17.0.3 security update for Windows Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221437 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-17-openjdk security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221445 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 17.0.3 security update for Portable Linux Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221436 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-17-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221729 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5131-1 openjdk-11 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5c8840c405cfcf2d530316add80d95b7	Trust: 0.1
title:	Debian Security Advisories: DSA-5128-1 openjdk-17 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c35e0aa61b24f917b1354b5d6ba66425	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.8.41 bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222272 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Cryostat 2.1.0: new Cryostat on RHEL 8 container images	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221679 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update for rh-sso-7/sso75-openshift-rhel8 container image	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221713 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.7.50 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221699 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: USN-5546-2: OpenJDK 8 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5546-2	Trust: 0.1
title:	Ubuntu Security Notice: USN-5546-1: OpenJDK vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5546-1	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 3.11.705 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222281 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1791	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1791	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1790	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1790	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1778	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1778	Trust: 0.1
title:	Amazon Linux 2: ALAS2CORRETTO8-2022-002	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2CORRETTO8-2022-002	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222216 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Openshift Logging Security and Bug update Release (5.2.10)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222218 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222217 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-113	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-112	Trust: 0.1
title:	Amazon Linux 2: ALAS2JAVA-OPENJDK11-2022-002	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2JAVA-OPENJDK11-2022-002	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221622 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Release of OpenShift Serverless Version 1.22.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1633	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1633	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1631	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1631	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1835	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1835	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-21426

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21426	Trust: 2.0
db:	PACKETSTORM	id:	167378	Trust: 0.2
db:	PACKETSTORM	id:	167980	Trust: 0.2
db:	PACKETSTORM	id:	167122	Trust: 0.2
db:	PACKETSTORM	id:	167140	Trust: 0.2
db:	PACKETSTORM	id:	167979	Trust: 0.2
db:	PACKETSTORM	id:	167385	Trust: 0.1
db:	PACKETSTORM	id:	167327	Trust: 0.1
db:	PACKETSTORM	id:	167008	Trust: 0.1
db:	PACKETSTORM	id:	167388	Trust: 0.1
db:	PACKETSTORM	id:	166967	Trust: 0.1
db:	PACKETSTORM	id:	167088	Trust: 0.1
db:	PACKETSTORM	id:	167142	Trust: 0.1
db:	PACKETSTORM	id:	167164	Trust: 0.1
db:	PACKETSTORM	id:	167271	Trust: 0.1
db:	PACKETSTORM	id:	166954	Trust: 0.1
db:	VULHUB	id:	VHN-407039	Trust: 0.1
db:	VULMON	id:	CVE-2022-21426	Trust: 0.1
db:	PACKETSTORM	id:	166903	Trust: 0.1
db:	PACKETSTORM	id:	166800	Trust: 0.1
db:	PACKETSTORM	id:	169256	Trust: 0.1

sources: VULHUB: VHN-407039 // VULMON: CVE-2022-21426 // PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 167980 // PACKETSTORM: 166903 // PACKETSTORM: 167378 // PACKETSTORM: 166800 // PACKETSTORM: 167979 // PACKETSTORM: 169256 // NVD: CVE-2022-21426

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20220429-0006/	Trust: 1.2
url:	https://www.debian.org/security/2022/dsa-5128	Trust: 1.2
url:	https://www.debian.org/security/2022/dsa-5131	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.2
url:	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21443	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21496	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21434	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21426	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21476	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2022-21426	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-21476	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-21496	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-21443	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-21434	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21449	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43797	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0759	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1154	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37137	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1154	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-43797	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21698	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25636	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25636	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-4028	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25032	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4028	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37136	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0759	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21698	Trust: 0.2
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1271	Trust: 0.2
url:	https://ubuntu.com/security/notices/usn-5546-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21540	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21541	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34169	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21549	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:3136	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5388-1	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2218	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2217	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-8/8u342-b07-0ubuntu1~22.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-8/8u342-b07-0ubuntu1~20.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-17/17.0.4+8-1~18.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-17/17.0.4+8-1~22.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.16+8-0ubuntu1~20.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-18/18.0.2+9-2~22.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.16+8-0ubuntu1~22.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-17/17.0.4+8-1~20.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-8/8u342-b07-0ubuntu1~18.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.16+8-0ubuntu1~18.04	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_windows/index	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1492	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2137	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1444	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5546-2	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openjdk-17	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 166903 // PACKETSTORM: 167378 // PACKETSTORM: 166800

SOURCES

db:	VULHUB	id:	VHN-407039
db:	VULMON	id:	CVE-2022-21426
db:	PACKETSTORM	id:	167140
db:	PACKETSTORM	id:	167122
db:	PACKETSTORM	id:	167980
db:	PACKETSTORM	id:	166903
db:	PACKETSTORM	id:	167378
db:	PACKETSTORM	id:	166800
db:	PACKETSTORM	id:	167979
db:	PACKETSTORM	id:	169256
db:	NVD	id:	CVE-2022-21426

LAST UPDATE DATE

2026-04-18T21:46:16.366000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-407039	date:	2022-07-28T00:00:00
db:	VULMON	id:	CVE-2022-21426	date:	2023-04-27T00:00:00
db:	NVD	id:	CVE-2022-21426	date:	2024-11-21T06:44:40.450

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-407039	date:	2022-04-19T00:00:00
db:	VULMON	id:	CVE-2022-21426	date:	2022-04-19T00:00:00
db:	PACKETSTORM	id:	167140	date:	2022-05-12T15:53:27
db:	PACKETSTORM	id:	167122	date:	2022-05-12T15:38:35
db:	PACKETSTORM	id:	167980	date:	2022-08-05T14:51:20
db:	PACKETSTORM	id:	166903	date:	2022-04-29T12:37:12
db:	PACKETSTORM	id:	167378	date:	2022-06-03T15:37:50
db:	PACKETSTORM	id:	166800	date:	2022-04-21T15:09:24
db:	PACKETSTORM	id:	167979	date:	2022-08-05T14:51:13
db:	PACKETSTORM	id:	169256	date:	2022-05-28T19:12:00
db:	NVD	id:	CVE-2022-21426	date:	2022-04-19T21:15:15.157