OpenJDK Vulnerability Advisory: 2023/07/18
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 20.0.1, 17.0.7, 11.0.19, 8u372, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
| Affects ... | ||||||
|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 Vector |
8 | 11 | 17 | 20 |
| CVE-2023-22041 | hotspot/ compiler |
5.1 LHNNUHNN |
• | • | • | |
| CVE-2023-25193 | client-libs/ 2d |
3.7 NHNNUNNL |
• | • | • | |
| CVE-2023-22044 | hotspot/ compiler |
3.7 NHNNULNN |
• | • | ||
| CVE-2023-22045 | hotspot/ compiler |
3.7 NHNNULNN |
• | • | • | • |
| CVE-2023-22049 | core-libs/ java.io |
3.7 NHNNUNLN |
• | • | • | • |
| CVE-2023-22036 | core-libs/ java.util |
3.7 NHNNUNNL |
• | • | • | |
| CVE-2023-22006 | core-libs/ java.net |
3.1 NHNRUNLN |
• | • | • | |
OpenJFX Risk matrix
| Affects ... | |||||
|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 Vector |
11 | 17 | 20 |
| CVE-2023-22043 | javafx/ graphics |
5.9 NHNNUNHN |
• | • | • |
Acknowledgements
We acknowledge the following parties for their reports and contributions: David Stancu, Eirik Bjorsnos, Markus Loewe, Motoyasu Saburi, Qing Xu, and Zhiqiang Zang.
We also thank the Leads of the JDK 8 Updates, JDK 11 Updates, JDK 17 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.
Last update: 2023/07/18 17:44 UTC
