A flaw was found in various components of OpenJDK in the way strings containing NULL characters were used. A specially-crafted input could lead a Java application to truncate strings incorrectly and misbehave, possibly impacting the integrity of the application.
OpenJDK-8 upstream commits:
https://github.com/openjdk/jdk8u/commit/a02c2bfb23dec01c987af1859654f0e4b44d70c6
https://github.com/openjdk/jdk8u/commit/2a54b080ed565c1d1ddadad27d2e4b77058ef2c7
https://github.com/openjdk/jdk8u/commit/17ba2dfb47f22a6a89609c94be50cabc6df5c8c9

OpenJDK-11 upstream commits:
https://github.com/openjdk/jdk11u/commit/a5bdad69ee3c93579ef4267a68784e6a3d691557
https://github.com/openjdk/jdk11u/commit/36871ab89cf5f531b1d045e22676275e60db91d7

OpenJDK-17 upstream commits:
https://github.com/openjdk/jdk17u/commit/43dd5ffb1008942bd04836add3f566f0c8771897
https://github.com/openjdk/jdk17u/commit/ae88233d9481be3968948ef71f9fdbaebb874160
Public now via Oracle CPU April 2023: https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA

Fixed in Oracle Java SE 8u371, 11.0.19, 17.0.7, 20.0.1.

Release notes:
https://www.oracle.com/java/technologies/javase/8u371-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-19-relnotes.html
https://www.oracle.com/java/technologies/javase/17-0-7-relnotes.html
https://www.oracle.com/java/technologies/javase/20-0-1-relnotes.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:1875 https://access.redhat.com/errata/RHSA-2023:1875
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Via RHSA-2023:1877 https://access.redhat.com/errata/RHSA-2023:1877
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:1878 https://access.redhat.com/errata/RHSA-2023:1878
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1879 https://access.redhat.com/errata/RHSA-2023:1879
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1880 https://access.redhat.com/errata/RHSA-2023:1880
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.19 Via RHSA-2023:1883 https://access.redhat.com/errata/RHSA-2023:1883
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.19 Via RHSA-2023:1882 https://access.redhat.com/errata/RHSA-2023:1882
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.7 Via RHSA-2023:1885 https://access.redhat.com/errata/RHSA-2023:1885
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.7 Via RHSA-2023:1884 https://access.redhat.com/errata/RHSA-2023:1884
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1889 https://access.redhat.com/errata/RHSA-2023:1889
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1890 https://access.redhat.com/errata/RHSA-2023:1890
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1891 https://access.redhat.com/errata/RHSA-2023:1891
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1892 https://access.redhat.com/errata/RHSA-2023:1892
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1895 https://access.redhat.com/errata/RHSA-2023:1895
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1898 https://access.redhat.com/errata/RHSA-2023:1898
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1899 https://access.redhat.com/errata/RHSA-2023:1899
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1900 https://access.redhat.com/errata/RHSA-2023:1900
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:1904 https://access.redhat.com/errata/RHSA-2023:1904
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:1911 https://access.redhat.com/errata/RHSA-2023:1911
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Via RHSA-2023:1905 https://access.redhat.com/errata/RHSA-2023:1905
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1906 https://access.redhat.com/errata/RHSA-2023:1906
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1909 https://access.redhat.com/errata/RHSA-2023:1909
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1908 https://access.redhat.com/errata/RHSA-2023:1908
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1910 https://access.redhat.com/errata/RHSA-2023:1910
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1907 https://access.redhat.com/errata/RHSA-2023:1907
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u362 Via RHSA-2023:1912 https://access.redhat.com/errata/RHSA-2023:1912
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u362 Via RHSA-2023:1903 https://access.redhat.com/errata/RHSA-2023:1903
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-21937
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4103 https://access.redhat.com/errata/RHSA-2023:4103
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2023:4160 https://access.redhat.com/errata/RHSA-2023:4160