#VU78410 Improper input validation in Oracle GraalVM for JDK - CVE-2023-22041

Cybersecurity Help s.r.o.

Published: 2023-07-19

Vulnerability identifier: #VU78410

Vulnerability risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-22041

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Oracle GraalVM for JDK
Universal components / Libraries / Software for developers

Vendor: Oracle

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Oracle GraalVM for JDK: 17.0.7 - 20.0.1

External links
https://www.oracle.com/security-alerts/cpujul2023.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Dell CloudBoost Virtual Appliance update for third-party components

Amazon Linux AMI update for java-11-amazon-corretto

Amazon Linux AMI update for java-17-amazon-corretto

Gentoo update for OpenJDK

Gentoo update for HarfBuzz

Multiple vulnerabilities in Total Storage Service Console (TSSC) / TS4500 IMC

Multiple vulnerabilities in Dell EMC VxRail Appliance

Multiple vulnerabilities in Dell Repository Manager

Multiple vulnerabilities in IBM Maximo Application Suite - Manage Component

Improper input validation in IBM Sterling Partner Engagement Manager