CVE-2022-40433
Published: 22 August 2023
** REJECT ** This CVE ID has been rejected by its CNA as it was not a security issue.
From the Ubuntu Security Team
It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.9 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
References
- https://github.com/openjdk/jdk15u-dev/pull/261
- https://github.com/openjdk/jdk13u-dev/pull/394
- https://bugs.openjdk.org/browse/JDK-8283441
- https://github.com/openjdk/jdk11u-dev/pull/1183
- https://ubuntu.com/security/notices/USN-6528-1
- https://www.cve.org/CVERecord?id=CVE-2022-40433
- NVD
- Launchpad
- Debian