It was discovered that the ZipFile class implementation in the Libraries component of OpenJDK failed to properly handle ZIP archives that contain a negative value in the uncompressed size and compressed size fields. A specially crafted ZIP file could cause a Java application to enter an infinite loop when extracting data from such archive.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4165 https://access.redhat.com/errata/RHSA-2023:4165
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4162 https://access.redhat.com/errata/RHSA-2023:4162
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4164 https://access.redhat.com/errata/RHSA-2023:4164
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4157 https://access.redhat.com/errata/RHSA-2023:4157
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4163 https://access.redhat.com/errata/RHSA-2023:4163
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.20 Via RHSA-2023:4161 https://access.redhat.com/errata/RHSA-2023:4161
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.20 Via RHSA-2023:4208 https://access.redhat.com/errata/RHSA-2023:4208
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.8 Via RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.8 Via RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4158 https://access.redhat.com/errata/RHSA-2023:4158
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4175 https://access.redhat.com/errata/RHSA-2023:4175
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:4233 https://access.redhat.com/errata/RHSA-2023:4233
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-22036
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/bc9d1298e7629cb25747e099dfdaa241a3cac936 OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/6d8eb493105894d68efff0b0095fd07f64f6cbe4
Oracle CPU July 2023: https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA Fixed in Oracle Java SE 11.0.20, 17.0.8, 20.0.2. Release notes: https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html https://www.oracle.com/java/technologies/javase/20-0-2-relnotes.html
ZIP64 Extra Field Validation was improved as part of the fix. Quoting JDK release notes: java.util.zip.ZipFile has been updated to provide additional validation of ZIP64 extra fields when opening a ZIP file. This validation may be disabled by setting the system property jdk.util.zip.disableZip64ExtraFieldValidation to true.