Executive Summary

Information
Name CVE-2022-34169 First vendor Publication 2022-07-19
Vendor Cve Last vendor Modification 2022-08-30

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Overall CVSS Score 7.5
Base Score 7.5 Environmental Score 7.5
Impact Sub Score 3.6 Temporal Score 7.5
Exploitability Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact High Availability Impact None

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Exploit Score N/A Authentication N/A

Detail

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-681 Incorrect Conversion between Numeric Types

CPE : Common Platform Enumeration

Type Description Count
Application 12
Application 14
Application 1
Application 2
Application 1
Application 1
Application 1
Application 1
Application 1
Application 3
Application 5
Application 5
Application 139
Hardware 1
Os 2
Os 2

Sources (Detail)

Source Url
CONFIRM https://security.netapp.com/advisory/ntap-20220729-0009/
DEBIAN https://www.debian.org/security/2022/dsa-5188
https://www.debian.org/security/2022/dsa-5192
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
MISC http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation....
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
https://www.oracle.com/security-alerts/cpujul2022.html
MLIST http://www.openwall.com/lists/oss-security/2022/07/19/5
http://www.openwall.com/lists/oss-security/2022/07/19/6
http://www.openwall.com/lists/oss-security/2022/07/20/2
http://www.openwall.com/lists/oss-security/2022/07/20/3

Alert History

Date Information
2022-08-30 21:27:22
  • Multiple Updates
2022-08-26 21:27:24
  • Multiple Updates
2022-08-22 21:27:31
  • Multiple Updates
2022-08-08 21:27:26
  • Multiple Updates
2022-08-03 09:27:23
  • Multiple Updates
2022-07-30 00:27:24
  • Multiple Updates
2022-07-28 21:27:41
  • Multiple Updates
2022-07-27 21:27:58
  • Multiple Updates
2022-07-23 09:27:13
  • Multiple Updates
2022-07-21 09:27:10
  • Multiple Updates
2022-07-21 02:08:04
  • Multiple Updates
2022-07-21 02:07:58
  • Multiple Updates
2022-07-20 17:27:16
  • Multiple Updates
2022-07-20 09:27:15
  • Multiple Updates
2022-07-20 00:27:11
  • First insertion