2187802 – (CVE-2023-21968) CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Bug 2187802 (CVE-2023-21968) - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Summary: CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path con...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2023-21968
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2185197 2185198 2185199 2185200 2185201 2185202 2185203 2185204 2185205 2185206 2185207 2185208 2185209 2185210 2185211 2185212 2185213 2185214 2185215 2185216 2185217 2185218 2185219 2185220 2185221 2185222 2185223 2185224 2185225 2185226 2185227 2185228 2185229 2188616 2215911 2215912 2215913
Blocks:	2185177
TreeView+	depends on / blocked

Reported:	2023-04-18 17:21 UTC by Mauro Matteo Cascella
Modified:	2023-09-13 08:34 UTC (History)
CC List:	21 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-04-25 16:44:42 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2023:1924	None	None	None	2023-04-24 00:21:27 UTC
Red Hat Product Errata	RHBA-2023:1925	None	None	None	2023-04-24 00:21:57 UTC
Red Hat Product Errata	RHBA-2023:1926	None	None	None	2023-04-24 00:22:11 UTC
Red Hat Product Errata	RHBA-2023:1928	None	None	None	2023-04-24 01:10:44 UTC
Red Hat Product Errata	RHBA-2023:1936	None	None	None	2023-04-24 08:42:27 UTC
Red Hat Product Errata	RHBA-2023:1937	None	None	None	2023-04-24 11:23:01 UTC
Red Hat Product Errata	RHBA-2023:1938	None	None	None	2023-04-24 11:45:28 UTC
Red Hat Product Errata	RHBA-2023:1939	None	None	None	2023-04-24 11:29:30 UTC
Red Hat Product Errata	RHBA-2023:1940	None	None	None	2023-04-24 12:57:57 UTC
Red Hat Product Errata	RHBA-2023:1942	None	None	None	2023-04-24 14:20:39 UTC
Red Hat Product Errata	RHBA-2023:1955	None	None	None	2023-04-25 05:29:29 UTC
Red Hat Product Errata	RHBA-2023:2011	None	None	None	2023-04-25 23:25:31 UTC
Red Hat Product Errata	RHBA-2023:2025	None	None	None	2023-04-26 09:58:28 UTC
Red Hat Product Errata	RHBA-2023:2028	None	None	None	2023-04-26 11:35:53 UTC
Red Hat Product Errata	RHBA-2023:2034	None	None	None	2023-04-26 18:41:02 UTC
Red Hat Product Errata	RHBA-2023:2049	None	None	None	2023-04-27 14:07:58 UTC
Red Hat Product Errata	RHBA-2023:2050	None	None	None	2023-04-27 14:07:48 UTC
Red Hat Product Errata	RHBA-2023:2054	None	None	None	2023-04-27 16:18:36 UTC
Red Hat Product Errata	RHBA-2023:2066	None	None	None	2023-05-01 22:11:34 UTC
Red Hat Product Errata	RHBA-2023:2079	None	None	None	2023-05-02 10:16:12 UTC
Red Hat Product Errata	RHBA-2023:2090	None	None	None	2023-05-03 02:23:50 UTC
Red Hat Product Errata	RHBA-2023:2142	None	None	None	2023-05-08 01:05:10 UTC
Red Hat Product Errata	RHBA-2023:3160	None	None	None	2023-05-17 01:48:55 UTC
Red Hat Product Errata	RHBA-2023:3168	None	None	None	2023-05-17 10:30:19 UTC
Red Hat Product Errata	RHBA-2023:3172	None	None	None	2023-05-17 10:36:45 UTC
Red Hat Product Errata	RHBA-2023:3173	None	None	None	2023-05-17 10:30:40 UTC
Red Hat Product Errata	RHBA-2023:3174	None	None	None	2023-05-17 10:40:58 UTC
Red Hat Product Errata	RHBA-2023:3226	None	None	None	2023-05-18 14:08:20 UTC
Red Hat Product Errata	RHBA-2023:3376	None	None	None	2023-05-31 12:49:46 UTC
Red Hat Product Errata	RHBA-2023:3378	None	None	None	2023-05-31 12:50:13 UTC
Red Hat Product Errata	RHBA-2023:5037	None	None	None	2023-09-11 08:42:56 UTC
Red Hat Product Errata	RHSA-2023:1875	None	None	None	2023-04-19 13:31:27 UTC
Red Hat Product Errata	RHSA-2023:1877	None	None	None	2023-04-19 13:58:17 UTC
Red Hat Product Errata	RHSA-2023:1878	None	None	None	2023-04-19 14:20:00 UTC
Red Hat Product Errata	RHSA-2023:1879	None	None	None	2023-04-19 15:07:22 UTC
Red Hat Product Errata	RHSA-2023:1880	None	None	None	2023-04-19 15:27:20 UTC
Red Hat Product Errata	RHSA-2023:1882	None	None	None	2023-04-19 19:27:53 UTC
Red Hat Product Errata	RHSA-2023:1883	None	None	None	2023-04-19 19:27:39 UTC
Red Hat Product Errata	RHSA-2023:1884	None	None	None	2023-04-19 19:36:51 UTC
Red Hat Product Errata	RHSA-2023:1885	None	None	None	2023-04-19 19:36:37 UTC
Red Hat Product Errata	RHSA-2023:1889	None	None	None	2023-04-20 00:29:59 UTC
Red Hat Product Errata	RHSA-2023:1890	None	None	None	2023-04-20 00:48:17 UTC
Red Hat Product Errata	RHSA-2023:1891	None	None	None	2023-04-20 01:14:33 UTC
Red Hat Product Errata	RHSA-2023:1892	None	None	None	2023-04-20 01:36:26 UTC
Red Hat Product Errata	RHSA-2023:1895	None	None	None	2023-04-20 02:02:18 UTC
Red Hat Product Errata	RHSA-2023:1898	None	None	None	2023-04-20 02:30:25 UTC
Red Hat Product Errata	RHSA-2023:1899	None	None	None	2023-04-20 02:47:28 UTC
Red Hat Product Errata	RHSA-2023:1900	None	None	None	2023-04-20 03:01:42 UTC
Red Hat Product Errata	RHSA-2023:1903	None	None	None	2023-04-25 11:06:37 UTC
Red Hat Product Errata	RHSA-2023:1904	None	None	None	2023-04-25 02:49:29 UTC
Red Hat Product Errata	RHSA-2023:1905	None	None	None	2023-04-25 03:20:21 UTC
Red Hat Product Errata	RHSA-2023:1906	None	None	None	2023-04-25 03:44:05 UTC
Red Hat Product Errata	RHSA-2023:1907	None	None	None	2023-04-25 10:40:29 UTC
Red Hat Product Errata	RHSA-2023:1908	None	None	None	2023-04-25 04:18:59 UTC
Red Hat Product Errata	RHSA-2023:1909	None	None	None	2023-04-25 04:01:30 UTC
Red Hat Product Errata	RHSA-2023:1910	None	None	None	2023-04-25 10:24:32 UTC
Red Hat Product Errata	RHSA-2023:1911	None	None	None	2023-04-25 03:09:05 UTC
Red Hat Product Errata	RHSA-2023:1912	None	None	None	2023-04-25 11:06:24 UTC
Red Hat Product Errata	RHSA-2023:4103	None	None	None	2023-07-17 08:48:30 UTC
Red Hat Product Errata	RHSA-2023:4160	None	None	None	2023-07-31 09:30:57 UTC

Description Mauro Matteo Cascella 2023-04-18 17:21:38 UTC

It was discovered that the UnixUriUtils class in the Libraries component of OpenJDK failed to sanitize strings containing slash characters when converting URIs to file system paths. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions by creating Path objects with invalid paths.

Comment 7 Mauro Matteo Cascella 2023-04-19 10:42:08 UTC

OpenJDK-8 upstream commit:
https://github.com/openjdk/jdk8u/commit/33758aeb351a6d8e6bedc5457b501d1e6d471810

OpenJDK-11 upstream commit:
https://github.com/openjdk/jdk11u/commit/504887c927575b797ece955a2f78c45d312f6762

OpenJDK-17 upstream commit:
https://github.com/openjdk/jdk17u/commit/e78fe926ef1a9460486c87a106a6f447d085da2e

Comment 8 Mauro Matteo Cascella 2023-04-19 10:58:29 UTC

Public now via Oracle CPU April 2023:

https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA

Fixed in Oracle Java SE 8u371, 11.0.19, 17.0.7, 20.0.1.

Release notes:
https://www.oracle.com/java/technologies/javase/8u371-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-19-relnotes.html
https://www.oracle.com/java/technologies/javase/17-0-7-relnotes.html
https://www.oracle.com/java/technologies/javase/20-0-1-relnotes.html

Comment 9 errata-xmlrpc 2023-04-19 13:31:26 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1875 https://access.redhat.com/errata/RHSA-2023:1875

Comment 10 errata-xmlrpc 2023-04-19 13:58:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1877 https://access.redhat.com/errata/RHSA-2023:1877

Comment 11 errata-xmlrpc 2023-04-19 14:19:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1878 https://access.redhat.com/errata/RHSA-2023:1878

Comment 12 errata-xmlrpc 2023-04-19 15:07:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1879 https://access.redhat.com/errata/RHSA-2023:1879

Comment 13 errata-xmlrpc 2023-04-19 15:27:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1880 https://access.redhat.com/errata/RHSA-2023:1880

Comment 14 errata-xmlrpc 2023-04-19 19:27:36 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.19

Via RHSA-2023:1883 https://access.redhat.com/errata/RHSA-2023:1883

Comment 15 errata-xmlrpc 2023-04-19 19:27:51 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.19

Via RHSA-2023:1882 https://access.redhat.com/errata/RHSA-2023:1882

Comment 16 errata-xmlrpc 2023-04-19 19:36:35 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.7

Via RHSA-2023:1885 https://access.redhat.com/errata/RHSA-2023:1885

Comment 17 errata-xmlrpc 2023-04-19 19:36:50 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.7

Via RHSA-2023:1884 https://access.redhat.com/errata/RHSA-2023:1884

Comment 18 errata-xmlrpc 2023-04-20 00:29:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1889 https://access.redhat.com/errata/RHSA-2023:1889

Comment 19 errata-xmlrpc 2023-04-20 00:48:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1890 https://access.redhat.com/errata/RHSA-2023:1890

Comment 20 errata-xmlrpc 2023-04-20 01:14:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1891 https://access.redhat.com/errata/RHSA-2023:1891

Comment 21 errata-xmlrpc 2023-04-20 01:36:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1892 https://access.redhat.com/errata/RHSA-2023:1892

Comment 22 errata-xmlrpc 2023-04-20 02:02:16 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1895 https://access.redhat.com/errata/RHSA-2023:1895

Comment 23 errata-xmlrpc 2023-04-20 02:30:23 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1898 https://access.redhat.com/errata/RHSA-2023:1898

Comment 24 errata-xmlrpc 2023-04-20 02:47:26 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1899 https://access.redhat.com/errata/RHSA-2023:1899

Comment 25 errata-xmlrpc 2023-04-20 03:01:40 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1900 https://access.redhat.com/errata/RHSA-2023:1900

Comment 27 errata-xmlrpc 2023-04-25 02:49:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1904 https://access.redhat.com/errata/RHSA-2023:1904

Comment 28 errata-xmlrpc 2023-04-25 03:09:03 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1911 https://access.redhat.com/errata/RHSA-2023:1911

Comment 29 errata-xmlrpc 2023-04-25 03:20:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1905 https://access.redhat.com/errata/RHSA-2023:1905

Comment 30 errata-xmlrpc 2023-04-25 03:44:04 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1906 https://access.redhat.com/errata/RHSA-2023:1906

Comment 31 errata-xmlrpc 2023-04-25 04:01:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1909 https://access.redhat.com/errata/RHSA-2023:1909

Comment 32 errata-xmlrpc 2023-04-25 04:18:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1908 https://access.redhat.com/errata/RHSA-2023:1908

Comment 33 errata-xmlrpc 2023-04-25 10:24:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1910 https://access.redhat.com/errata/RHSA-2023:1910

Comment 34 errata-xmlrpc 2023-04-25 10:40:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1907 https://access.redhat.com/errata/RHSA-2023:1907

Comment 35 errata-xmlrpc 2023-04-25 11:06:22 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u362

Via RHSA-2023:1912 https://access.redhat.com/errata/RHSA-2023:1912

Comment 36 errata-xmlrpc 2023-04-25 11:06:35 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u362

Via RHSA-2023:1903 https://access.redhat.com/errata/RHSA-2023:1903

Comment 37 Product Security DevOps Team 2023-04-25 16:44:39 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-21968

Comment 39 errata-xmlrpc 2023-07-17 08:48:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4103 https://access.redhat.com/errata/RHSA-2023:4103

Comment 40 errata-xmlrpc 2023-07-31 09:30:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2023:4160 https://access.redhat.com/errata/RHSA-2023:4160

Note You need to log in before you can comment on or make changes to this bug.

ahughes
caswilli
chazlett
dbhole
dffrench
dfitzmau
fjansen
gzaronik
hbraun
jdowland
jhuttana
jvanek
kaycoth
neugens
ngough
pjindal
rgodfrey
security-response-team
sraghupu
sthirugn
vkrizan