QID 378498
Date Published: 2023-05-25
QID 378498: Red Hat OpenJDK 17.0.3 Security Update for Windows Builds (RHSA-2022:1437)
The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426).
OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443).
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434).
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476).
OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496).
OpenJDK: Improper ECDSA signature verification (Libraries, 8277233) (CVE-2022-21449).
Affected Versions:
Red Hat build of OpenJDK 17 (17.0.2) and later Versions and Prior to OpenJDK 17 (17.0.3)
QID Detection Logic (Authenticated):
This QID checks for:
"HKLM\Software\JavaSoft\Java Runtime Environment"
"HKLM\Software\Wow6432Node\JavaSoft\Java Runtime Environment"
"HKLM\Software\JavaSoft\Java Development Kit"
"HKLM\Software\Wow6432Node\JavaSoft\Java Development Kit"
"HKLM\Software\JavaSoft\JRE"
"HKLM\Software\Wow6432Node\JavaSoft\JRE"
"HKLM\Software\JavaSoft\JDK"
and "HKLM\Software\Wow6432Node\JavaSoft\JDK" subkeys and fetches JavaHome value, checks for bin\java.exe file existence in the fetched location, performs jar extraction to confirm Red Hat as the vendor, then reads the compare the version for file java.exe and posts the QID on Windows Operating Systems
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of accessible data.
- RHSA-2022:1437 -
access.redhat.com/errata/RHSA-2022:1437
CVEs related to QID 378498
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2022:1437 |
access.redhat.com/errata/RHSA-2022:1437 |