OpenJDK Vulnerability Advisory: 2023/01/17
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 19.0.1, 17.0.5, 15.0.9, 13.0.13, 11.0.17, 8u352, 7u361, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
CVE ID | Component | CVSSv3.1 Vector | Affects 7 | 8 | 11 | 13 | 15 | 17 | 19 |
---|---|---|---|---|---|---|---|---|---|
CVE-2023-21835 | security-libs/javax.net.ssl | 5.3 NLNNUNNL | • | • | • | • | • | | |
CVE-2023-21830 | other-libs | 5.3 NLNNUNLN | • | • | | | | | |
CVE-2023-21843 | client-libs/javax.sound | 3.7 NHNNUNLN | • | • | • | • | • | • | • |
OpenJFX Risk matrix
CVE ID | Component | CVSSv3.1 Vector | Affects 7 | 8 | 11 | 13 | 15 | 17 | 19 |
---|---|---|---|---|---|---|---|---|---|
None |
Acknowledgements
We acknowledge the following parties for their reports and contributions: 4ra1n, Beichen, Jeff Dileo, Juraj Somorovsky, Marcel Maehren, Markus Loewe, Nurullah Erinola, Robert Merget, Thiscodecc, and Y4tacker.
We also thank the Leads of the JDK 7 Updates, JDK 8 Updates, JDK 11 Updates, JDK 13 Updates, JDK 15 Updates, JDK 17 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.