Vulnerabilities > CVE-2022-40433 - Unspecified vulnerability in Oracle Openjdk

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

oracle

NVD

Published: 2023-08-22

Updated: 2023-12-06

Summary

An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Note: Vendor states that this to is Defense in Depth at most due to the nature of the issue and the special circumstances required (server must be running particular code locally, code compiled with an old, old version of javac, etc.).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Openjdk 11 Oracle Openjdk 18 Oracle Openjdk 17.0.2 Oracle Openjdk 7 Oracle Openjdk 8	5

References

https://bugs.openjdk.org/browse/JDK-8283441
https://github.com/openjdk/jdk13u-dev/pull/394
https://github.com/openjdk/jdk11u-dev/pull/1183
https://github.com/openjdk/jdk15u-dev/pull/261