7.5

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Data is provided by the National Vulnerability Database (NVD)
Apache Xalan-java, Version <= 2.7.2
Debian Debian Linux, Version 10.0
Debian Debian Linux, Version 11.0
Oracle Graalvm, Version 20.3.6, SwEdition enterprise
Oracle Graalvm, Version 21.3.2, SwEdition enterprise
Oracle Graalvm, Version 22.1.0, SwEdition enterprise
Oracle Jdk, Version 1.7.0, Update update343
Oracle Jdk, Version 1.8.0, Update update333
Oracle Jdk, Version 11.0.15.1
Oracle Jdk, Version 17.0.3.1
Oracle Jdk, Version 18.0.1.1
Oracle Jre, Version 1.7.0, Update update343
Oracle Jre, Version 1.8.0, Update update333
Oracle Jre, Version 11.0.15.1
Oracle Jre, Version 17.0.3.1
Oracle Jre, Version 18.0.1.1
Oracle Openjdk, Version >= 11 <= 11.0.15
Oracle Openjdk, Version >= 13 <= 13.0.11
Oracle Openjdk, Version >= 15 <= 15.0.7
Oracle Openjdk, Version >= 17 <= 17.0.3
Oracle Openjdk, Version 7, Update -
Oracle Openjdk, Version 7, Update update1
Oracle Openjdk, Version 7, Update update10
Oracle Openjdk, Version 7, Update update101
Oracle Openjdk, Version 7, Update update11
Oracle Openjdk, Version 7, Update update111
Oracle Openjdk, Version 7, Update update121
Oracle Openjdk, Version 7, Update update13
Oracle Openjdk, Version 7, Update update131
Oracle Openjdk, Version 7, Update update141
Oracle Openjdk, Version 7, Update update15
Oracle Openjdk, Version 7, Update update151
Oracle Openjdk, Version 7, Update update161
Oracle Openjdk, Version 7, Update update17
Oracle Openjdk, Version 7, Update update171
Oracle Openjdk, Version 7, Update update181
Oracle Openjdk, Version 7, Update update191
Oracle Openjdk, Version 7, Update update2
Oracle Openjdk, Version 7, Update update201
Oracle Openjdk, Version 7, Update update21
Oracle Openjdk, Version 7, Update update211
Oracle Openjdk, Version 7, Update update221
Oracle Openjdk, Version 7, Update update231
Oracle Openjdk, Version 7, Update update241
Oracle Openjdk, Version 7, Update update25
Oracle Openjdk, Version 7, Update update251
Oracle Openjdk, Version 7, Update update261
Oracle Openjdk, Version 7, Update update271
Oracle Openjdk, Version 7, Update update281
Oracle Openjdk, Version 7, Update update291
Oracle Openjdk, Version 7, Update update3
Oracle Openjdk, Version 7, Update update301
Oracle Openjdk, Version 7, Update update311
Oracle Openjdk, Version 7, Update update321
Oracle Openjdk, Version 7, Update update4
Oracle Openjdk, Version 7, Update update40
Oracle Openjdk, Version 7, Update update45
Oracle Openjdk, Version 7, Update update5
Oracle Openjdk, Version 7, Update update51
Oracle Openjdk, Version 7, Update update55
Oracle Openjdk, Version 7, Update update6
Oracle Openjdk, Version 7, Update update60
Oracle Openjdk, Version 7, Update update65
Oracle Openjdk, Version 7, Update update67
Oracle Openjdk, Version 7, Update update7
Oracle Openjdk, Version 7, Update update72
Oracle Openjdk, Version 7, Update update76
Oracle Openjdk, Version 7, Update update80
Oracle Openjdk, Version 7, Update update85
Oracle Openjdk, Version 7, Update update9
Oracle Openjdk, Version 7, Update update91
Oracle Openjdk, Version 7, Update update95
Oracle Openjdk, Version 7, Update update97
Oracle Openjdk, Version 7, Update update99
Oracle Openjdk, Version 8, Update -
Oracle Openjdk, Version 8, Update milestone1
Oracle Openjdk, Version 8, Update milestone2
Oracle Openjdk, Version 8, Update milestone3
Oracle Openjdk, Version 8, Update milestone4
Oracle Openjdk, Version 8, Update milestone5
Oracle Openjdk, Version 8, Update milestone6
Oracle Openjdk, Version 8, Update milestone7
Oracle Openjdk, Version 8, Update milestone8
Oracle Openjdk, Version 8, Update milestone9
Oracle Openjdk, Version 8, Update update101
Oracle Openjdk, Version 8, Update update102
Oracle Openjdk, Version 8, Update update11
Oracle Openjdk, Version 8, Update update111
Oracle Openjdk, Version 8, Update update112
Oracle Openjdk, Version 8, Update update121
Oracle Openjdk, Version 8, Update update131
Oracle Openjdk, Version 8, Update update141
Oracle Openjdk, Version 8, Update update151
Oracle Openjdk, Version 8, Update update152
Oracle Openjdk, Version 8, Update update161
Oracle Openjdk, Version 8, Update update162
Oracle Openjdk, Version 8, Update update171
Oracle Openjdk, Version 8, Update update172
Oracle Openjdk, Version 8, Update update181
Oracle Openjdk, Version 8, Update update191
Oracle Openjdk, Version 8, Update update192
Oracle Openjdk, Version 8, Update update20
Oracle Openjdk, Version 8, Update update201
Oracle Openjdk, Version 8, Update update202
Oracle Openjdk, Version 8, Update update211
Oracle Openjdk, Version 8, Update update212
Oracle Openjdk, Version 8, Update update221
Oracle Openjdk, Version 8, Update update222
Oracle Openjdk, Version 8, Update update231
Oracle Openjdk, Version 8, Update update232
Oracle Openjdk, Version 8, Update update241
Oracle Openjdk, Version 8, Update update242
Oracle Openjdk, Version 8, Update update25
Oracle Openjdk, Version 8, Update update252
Oracle Openjdk, Version 8, Update update262
Oracle Openjdk, Version 8, Update update271
Oracle Openjdk, Version 8, Update update281
Oracle Openjdk, Version 8, Update update282
Oracle Openjdk, Version 8, Update update291
Oracle Openjdk, Version 8, Update update301
Oracle Openjdk, Version 8, Update update302
Oracle Openjdk, Version 8, Update update31
Oracle Openjdk, Version 8, Update update312
Oracle Openjdk, Version 8, Update update322
Oracle Openjdk, Version 8, Update update332
Oracle Openjdk, Version 8, Update update40
Oracle Openjdk, Version 8, Update update45
Oracle Openjdk, Version 8, Update update5
Oracle Openjdk, Version 8, Update update51
Oracle Openjdk, Version 8, Update update60
Oracle Openjdk, Version 8, Update update65
Oracle Openjdk, Version 8, Update update66
Oracle Openjdk, Version 8, Update update71
Oracle Openjdk, Version 8, Update update72
Oracle Openjdk, Version 8, Update update73
Oracle Openjdk, Version 8, Update update74
Oracle Openjdk, Version 8, Update update77
Oracle Openjdk, Version 8, Update update91
Oracle Openjdk, Version 8, Update update92
Oracle Openjdk, Version 18
Fedoraproject Fedora, Version 35
Fedoraproject Fedora, Version 36
Netapp Active Iq Unified Manager, Version -, SwPlatform vmware_vsphere
Netapp Active Iq Unified Manager, Version -, SwPlatform windows
Netapp Cloud Secure Agent, Version -
Netapp Oncommand Insight, Version -
Netapp Solidfire, Version -
Netapp Hci Compute Node, Version -
Azul Zulu, Version 6.47
Azul Zulu, Version 7.54
Azul Zulu, Version 8.62
Azul Zulu, Version 11.56
Azul Zulu, Version 13.48
Azul Zulu, Version 15.40
Azul Zulu, Version 17.34
Azul Zulu, Version 18.30
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 8.78% | 0.922

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

http://www.openwall.com/lists/oss-security/2022/07/20/3 (Patch, Third Party Advisory, Mailing List)
http://www.openwall.com/lists/oss-security/2022/10/18/2 (Patch, Third Party Advisory, Mailing List)
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw (Vendor Advisory, Mailing List, Issue Tracking)
https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 (Vendor Advisory, Mailing List, Issue Tracking)