登录 注册
开源 企业版 高校版 私有云 模力方舟 Gitee AI
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
18 Star 1 Fork 16

src-openEuler/openjdk-21

代码 Issues 10 Pull Requests 0 Wiki 统计 流水线
服务
Issues
 / 详情

CVE-2023-22081

已完成
CVE和安全问题
openeuler-ci-bot
拥有者
创建于  
2024-12-07 20:51

一、漏洞信息
漏洞编号:CVE-2023-22081
漏洞归属组件:openjdk-21
漏洞归属的版本:21.0.4.7,21.0.5.11
CVSS V3.0分值:
BaseScore:5.3 Medium
Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
漏洞简述:
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
漏洞公开时间:2023-10-18 06:15:13
漏洞创建时间:2024-12-07 20:51:48
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2023-22081

更多参考(点击展开)
参考来源 参考链接 来源链接
secalert_us.oracle.com https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html
secalert_us.oracle.com https://security.netapp.com/advisory/ntap-20231027-0006/
secalert_us.oracle.com https://www.debian.org/security/2023/dsa-5537
secalert_us.oracle.com https://www.debian.org/security/2023/dsa-5548
secalert_us.oracle.com https://www.oracle.com/security-alerts/cpuoct2023.html
suse_bugzilla http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22081 https://bugzilla.suse.com/show_bug.cgi?id=1216374
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5742 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5739 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5741 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5743 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5747 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5740 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5750 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5752 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5737 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5753 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5744 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5746 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5734 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5735 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5745 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5726 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5725 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5736 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5751 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5761 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5731 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5732 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5727 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5728 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5729 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5733 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:5730 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://github.com/openjdk/jdk8u/commit/32ec85f1ee2c9d1cc5109d4c4678d2aadf6dbf09 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://github.com/openjdk/jdk11u/commit/e60621f7f8ade409bc01f84d2be08afc1ccfc2bb https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://github.com/openjdk/jdk17u/commit/3a391232c8aa4fdf54d73ec725bdb4b4e9192bb5 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixJAVA https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://www.oracle.com/java/technologies/javase/8u391-relnotes.html https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://www.oracle.com/java/technologies/javase/8u391-perf-relnotes.html https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://www.oracle.com/java/technologies/javase/11-0-21-relnotes.html https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://www.oracle.com/java/technologies/javase/17-0-9-relnotes.html https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://www.oracle.com/java/technologies/javase/21-0-1-relnotes.html https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:6738 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2023:6887 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:0866 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:0879 https://bugzilla.redhat.com/show_bug.cgi?id=2243627
debian https://security-tracker.debian.org/tracker/CVE-2023-22081
oracle https://www.oracle.com/security-alerts/cpuoct2023.html
gentoo https://security.gentoo.org/glsa/202412-07
anolis https://anas.openanolis.cn/cves/detail/CVE-2023-22081
cve_search https://www.oracle.com/security-alerts/cpuoct2023.html
cve_search https://security.netapp.com/advisory/ntap-20231027-0006/
cve_search https://www.debian.org/security/2023/dsa-5537
cve_search https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html
cve_search https://www.debian.org/security/2023/dsa-5548
mageia http://advisories.mageia.org/MGASA-2023-0326.html
amazon_linux_explore https://access.redhat.com/security/cve/CVE-2023-22081 https://explore.alas.aws.amazon.com/CVE-2023-22081.html
amazon_linux_explore https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22081 https://explore.alas.aws.amazon.com/CVE-2023-22081.html
snyk https://openjdk.org/groups/vulnerability/advisories/2023-10-17 https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6026490
snyk https://openjdk.org/groups/vulnerability/advisories/2023-10-17 https://security.snyk.io/vuln/SNYK-UPSTREAM-OPENJDKJRE-6004142

漏洞分析指导链接:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息:

详情(点击展开)
影响的包 修复版本 修复补丁 问题引入补丁 来源
https://github.com/openjdk/jdk8u/commit/32ec85f1ee2c9d1cc5109d4c4678d2aadf6dbf09 redhat_bugzilla
https://github.com/openjdk/jdk11u/commit/e60621f7f8ade409bc01f84d2be08afc1ccfc2bb redhat_bugzilla
https://github.com/openjdk/jdk17u/commit/3a391232c8aa4fdf54d73ec725bdb4b4e9192bb5 redhat_bugzilla
https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html nvd
https://security.netapp.com/advisory/ntap-20231027-0006/ nvd
https://www.debian.org/security/2023/dsa-5537 nvd
https://www.debian.org/security/2023/dsa-5548 nvd
https://www.oracle.com/security-alerts/cpuoct2023.html nvd

二、漏洞分析结构反馈
影响性分析说明:
不受影响
openEuler评分:
5.3
Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
受影响版本排查(受影响/不受影响):
1.master(21.0.5.11):不受影响
2.openEuler-20.03-LTS-SP4:不受影响
3.openEuler-22.03-LTS-SP1:不受影响
4.openEuler-22.03-LTS-SP3:不受影响
5.openEuler-22.03-LTS-SP4(21.0.4.7):不受影响
6.openEuler-24.03-LTS(21.0.4.7):不受影响
7.openEuler-24.03-LTS-Next(21.0.4.7):不受影响
8.openEuler-24.03-LTS-SP1(21.0.5.11):不受影响

修复是否涉及abi变化(是/否):
1.master(21.0.5.11):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS-SP1:否
4.openEuler-22.03-LTS-SP3:否
5.openEuler-22.03-LTS-SP4(21.0.4.7):否
6.openEuler-24.03-LTS(21.0.4.7):否
7.openEuler-24.03-LTS-Next(21.0.4.7):否
8.openEuler-24.03-LTS-SP1(21.0.5.11):否

原因说明:
1.master(21.0.5.11):不受影响-漏洞代码不能被攻击者触发
2.openEuler-20.03-LTS-SP4:不受影响-漏洞代码不能被攻击者触发
3.openEuler-22.03-LTS-SP1:不受影响-漏洞代码不能被攻击者触发
4.openEuler-22.03-LTS-SP3:不受影响-漏洞代码不能被攻击者触发
5.openEuler-22.03-LTS-SP4(21.0.4.7):不受影响-漏洞代码不能被攻击者触发
6.openEuler-24.03-LTS(21.0.4.7):不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-Next(21.0.4.7):不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP1(21.0.5.11):不受影响-漏洞代码不能被攻击者触发

评论 (4)

5329419 openeuler ci bot 1632792936
openeuler-ci-bot 创建了CVE和安全问题 4个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 添加了
 
CVE/UNFIXED
标签 4个月前
展开全部操作日志
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 添加了
 
sig/Compiler
标签 4个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划开始日期设置为2024-12-07 4个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划截止日期设置为2025-01-06 4个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 优先级设置为次要 4个月前

影响性分析说明:不受影响

openEuler评分: 5.3
Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

受影响版本排查(受影响/不受影响):
1.master(21.0.5.11):不受影响
2.openEuler-20.03-LTS-SP4:不受影响
3.openEuler-22.03-LTS-SP1:不受影响
4.openEuler-22.03-LTS-SP3:不受影响
5.openEuler-22.03-LTS-SP4(21.0.4.7):不受影响
6.openEuler-24.03-LTS(21.0.4.7):不受影响
7.openEuler-24.03-LTS-Next(21.0.4.7):不受影响
8.openEuler-24.03-LTS-SP1(21.0.5.11):不受影响

修复是否涉及abi变化(是/否):
1.master(21.0.5.11):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS-SP1:否
4.openEuler-22.03-LTS-SP3:否
5.openEuler-22.03-LTS-SP4(21.0.4.7):否
6.openEuler-24.03-LTS(21.0.4.7):否
7.openEuler-24.03-LTS-Next(21.0.4.7):否
8.openEuler-24.03-LTS-SP1(21.0.5.11):否

原因说明:
1.master(21.0.5.11):不受影响-漏洞代码不能被攻击者触发
2.openEuler-20.03-LTS-SP4:不受影响-漏洞代码不能被攻击者触发
3.openEuler-22.03-LTS-SP1:不受影响-漏洞代码不能被攻击者触发
4.openEuler-22.03-LTS-SP3:不受影响-漏洞代码不能被攻击者触发
5.openEuler-22.03-LTS-SP4(21.0.4.7):不受影响-漏洞代码不能被攻击者触发
6.openEuler-24.03-LTS(21.0.4.7):不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-Next(21.0.4.7):不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP1(21.0.5.11):不受影响-漏洞代码不能被攻击者触发
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 修改了描述 4个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划开始日期2024-12-07 修改为2024-12-17 4个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划截止日期2025-01-06 修改为2025-01-16 4个月前
liyajie-yajieli
liyajie 任务状态待办的 修改为已完成 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 移除了
 
CVE/UNFIXED
标签 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 移除了
 
sig/Compiler
标签 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 添加了
 
CVE/UNAFFECTED
标签 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 添加了
 
sig/Compiler
标签 3个月前

登录 后才可以发表评论

状态
负责人
项目
未立项任务
未立项任务
Pull Requests
未关联
未关联
关联的 Pull Requests 被合并后可能会关闭此 issue
预计工期 (小时)
开始日期   -   截止日期
-
置顶选项
不置顶
不置顶
置顶等级:高
置顶等级:中
置顶等级:低
优先级
次要
不指定
严重
主要
次要
不重要
标签
CVE/UNAFFECTED
sig/Compiler
里程碑
未关联里程碑
未关联里程碑
分支
未关联
分支 (10)
标签 (5)
master
openEuler-22.03-LTS-SP4
openEuler-24.03-LTS
openEuler-24.03-LTS-Next
openEuler-24.03-LTS-SP2
openEuler-24.03-LTS-SP1
openEuler-25.03
openEuler-22.03-LTS-Next
openEuler-24.09
openEuler-23.09
openEuler-25.03-release
openEuler-24.03-LTS-SP1-release
openEuler-22.03-LTS-SP4-release
openEuler-24.09-release
openEuler-24.03-LTS-release
参与者(2)
5329419 openeuler ci bot 1632792936 佛系少年中二-Autistic_boyya
1
https://gitee.com/src-openeuler/openjdk-21.git
git@gitee.com:src-openeuler/openjdk-21.git
src-openeuler
openjdk-21
openjdk-21
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部