OpenJDK Vulnerability Advisory: 2023/07/18

The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 20.0.1, 17.0.7, 11.0.19, 8u372, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.

The current and previous advisories are available for reference.

OpenJDK Risk matrix

Affects ...
CVE ID Component CVSSv3.1 8 11 17 20
CVE-2023-22041 hotspot/
compiler
5.1
CVE-2023-25193 client-libs/
2d
3.7
CVE-2023-22044 hotspot/
compiler
3.7
CVE-2023-22045 hotspot/
compiler
3.7
CVE-2023-22049 core-libs/
java.io
3.7
CVE-2023-22036 core-libs/
java.util
3.7
CVE-2023-22006 core-libs/
java.net
3.1

OpenJFX Risk matrix

Affects ...
CVE ID Component CVSSv3.1 11 17 20
CVE-2023-22043 javafx/
graphics
5.9

Acknowledgements

We acknowledge the following parties for their reports and contributions: David Stancu, Eirik Bjorsnos, Markus Loewe, Motoyasu Saburi, Qing Xu, and Zhiqiang Zang.

We also thank the Leads of the JDK 8 Updates, JDK 11 Updates, JDK 17 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.

How to report a vulnerability

Please see the reporting instructions for information about how to report a vulnerability.

Last update: 2023/07/18 17:44 UTC