A flaw was found in the way the Hotspot component of OpenJDK handled array accesses in case of overflow in the index computation. This flaw could lead to an access at an invalid array position, leading to an out-of-bounds read vulnerability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4167 https://access.redhat.com/errata/RHSA-2023:4167
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4168 https://access.redhat.com/errata/RHSA-2023:4168
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4165 https://access.redhat.com/errata/RHSA-2023:4165
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4162 https://access.redhat.com/errata/RHSA-2023:4162
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4164 https://access.redhat.com/errata/RHSA-2023:4164
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4173 https://access.redhat.com/errata/RHSA-2023:4173
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4157 https://access.redhat.com/errata/RHSA-2023:4157
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4172 https://access.redhat.com/errata/RHSA-2023:4172
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4163 https://access.redhat.com/errata/RHSA-2023:4163
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4174 https://access.redhat.com/errata/RHSA-2023:4174
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u382 Via RHSA-2023:4209 https://access.redhat.com/errata/RHSA-2023:4209
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u382 Via RHSA-2023:4212 https://access.redhat.com/errata/RHSA-2023:4212
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.20 Via RHSA-2023:4161 https://access.redhat.com/errata/RHSA-2023:4161
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.20 Via RHSA-2023:4208 https://access.redhat.com/errata/RHSA-2023:4208
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.8 Via RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.8 Via RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4158 https://access.redhat.com/errata/RHSA-2023:4158
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4176 https://access.redhat.com/errata/RHSA-2023:4176
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4175 https://access.redhat.com/errata/RHSA-2023:4175
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4178 https://access.redhat.com/errata/RHSA-2023:4178
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:4166 https://access.redhat.com/errata/RHSA-2023:4166
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:4233 https://access.redhat.com/errata/RHSA-2023:4233
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-22045
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/ec0818add7069be2fe3854edd1f3d2d7c8e07746
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/5ba24640f6097262bdf6b4a32a7945c445f2246a
OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/a0846b4065bbd46420adceb912c4e29c74474f3f
Oracle CPU July 2023: https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA
Fixed in Oracle Java SE 8u381, 11.0.20, 17.0.8, 20.0.2.
Release notes:
https://www.oracle.com/java/technologies/javase/8u381-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html
https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html
https://www.oracle.com/java/technologies/javase/20-0-2-relnotes.html