Executive Summary

Information
Name : CVE-2022-34169
First vendor Publication : 2022-07-19
Vendor : Cve
Last vendor Modification : 2024-01-17

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Overall CVSS Score : 7.5
Base Score : 7.5
Environmental Score : 7.5
Impact SubScore : 3.6
Temporal Score : 7.5
Exploitability SubScore : 3.9
 
Attack Vector : Network
Attack Complexity : Low
Privileges Required : None
User Interaction : None
Scope : Unchanged
Confidentiality Impact : None
Integrity Impact : High
Availability Impact : None

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A

Detail

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-681 Incorrect Conversion between Numeric Types

CPE : Common Platform Enumeration

Type Description Count
Application 12
Application 8
Application 1
Application 2
Application 1
Application 1
Application 1
Application 1
Application 1
Application 3
Application 5
Application 5
Application 194
Hardware 1
Os 2
Os 2

Sources (Detail)

Source Url
https://security.gentoo.org/glsa/202401-25
CONFIRM https://security.netapp.com/advisory/ntap-20220729-0009/
DEBIAN https://www.debian.org/security/2022/dsa-5188
https://www.debian.org/security/2022/dsa-5192
https://www.debian.org/security/2022/dsa-5256
MISC http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation....
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://www.oracle.com/security-alerts/cpujul2022.html
MLIST http://www.openwall.com/lists/oss-security/2022/07/19/5
http://www.openwall.com/lists/oss-security/2022/07/19/6
http://www.openwall.com/lists/oss-security/2022/07/20/2
http://www.openwall.com/lists/oss-security/2022/07/20/3
http://www.openwall.com/lists/oss-security/2022/10/18/2
http://www.openwall.com/lists/oss-security/2022/11/04/8
http://www.openwall.com/lists/oss-security/2022/11/07/2
https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html

Alert History

Date Information
2024-02-24 02:28:03
  • Multiple Updates
2024-01-17 21:27:48
  • Multiple Updates
2023-11-09 13:21:58
  • Multiple Updates
2023-08-31 13:20:42
  • Multiple Updates
2023-05-18 02:14:27
  • Multiple Updates
2023-05-12 21:27:39
  • Multiple Updates
2023-05-05 13:27:46
  • Multiple Updates
2023-04-27 21:27:35
  • Multiple Updates
2022-11-29 09:27:24
  • Multiple Updates
2022-11-08 00:27:30
  • Multiple Updates
2022-11-05 09:27:41
  • Multiple Updates
2022-10-19 13:27:49
  • Multiple Updates
2022-10-19 00:27:27
  • Multiple Updates
2022-10-18 21:27:27
  • Multiple Updates
2022-08-30 21:27:22
  • Multiple Updates
2022-08-26 21:27:24
  • Multiple Updates
2022-08-22 21:27:31
  • Multiple Updates
2022-08-08 21:27:26
  • Multiple Updates
2022-08-03 09:27:23
  • Multiple Updates
2022-07-30 00:27:24
  • Multiple Updates
2022-07-28 21:27:41
  • Multiple Updates
2022-07-27 21:27:58
  • Multiple Updates
2022-07-23 09:27:13
  • Multiple Updates
2022-07-21 09:27:10
  • Multiple Updates
2022-07-21 02:08:04
  • Multiple Updates
2022-07-21 02:07:58
  • Multiple Updates
2022-07-20 17:27:16
  • Multiple Updates
2022-07-20 09:27:15
  • Multiple Updates
2022-07-20 00:27:11
  • First insertion