CVE-2023-22081

Published Oct 12, 2023
·
Updated

A flaw was found in the PKIX certification path validation algorithm in the JSSE component of OpenJDK. A malicious remote client could use this flaw to craft a X.509 certificate and cause denial of service in a Java application processing such certificate.

Affected Software

38 affected componentsFixes available
ubuntu/openjdk-17<17.0.9+9-1~18.04
17.0.9+9-1~18.04
ubuntu/openjdk-17<17.0.9+9-1~20.04
17.0.9+9-1~20.04
ubuntu/openjdk-17<17.0.9+9-1~22.04
17.0.9+9-1~22.04
ubuntu/openjdk-17<17.0.9+9-1~23.04
17.0.9+9-1~23.04
ubuntu/openjdk-17<17.0.9+9-1~23.10
17.0.9+9-1~23.10
ubuntu/openjdk-21<21.0.1+12-2~22.04
21.0.1+12-2~22.04
ubuntu/openjdk-21<21.0.1+12-2~23.04
21.0.1+12-2~23.04
ubuntu/openjdk-21<21.0.1+12-2~23.10
21.0.1+12-2~23.10
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-lts<11.0.21+9-0ubuntu1~18.04
11.0.21+9-0ubuntu1~18.04
ubuntu/openjdk-lts<11.0.21+9-0ubuntu1~20.04
11.0.21+9-0ubuntu1~20.04
ubuntu/openjdk-lts<11.0.21+9-0ubuntu1~22.04
11.0.21+9-0ubuntu1~22.04
ubuntu/openjdk-lts<11.0.21+9-0ubuntu1~23.04
11.0.21+9-0ubuntu1~23.04
ubuntu/openjdk-lts<11.0.21+9-0ubuntu1~23.10
11.0.21+9-0ubuntu1~23.10
debian/openjdk-11
11.0.23+9-1~deb11u111.0.24~7ea-1
debian/openjdk-17
17.0.11+9-1~deb11u117.0.11+9-1~deb12u117.0.12~6ea-1
debian/openjdk-21
21.0.4~6ea-1
debian/openjdk-8
8u412-ga-1
Oracle GraalVM for JDK=17.0.8
Oracle GraalVM for JDK=21
Oracle JDK=1.8.0-update381
Oracle JDK=1.8.0-update381
Oracle JDK=11.0.2
Oracle JDK=17.0.8
Oracle JDK=21.0.0
Oracle JRE=1.8.0-update381
Oracle JRE=1.8.0-update381
Oracle JRE=11.0.2
Oracle JRE=17.0.8
Oracle JRE=21.0.0
NetApp Cloud Insights Acquisition Unit
NetApp Cloud Insights Storage Workload Security Agent
IBM InfoSphere Data Architect<=9.2.1

Remediation

Patch Available

https://www.oracle.com/security-alerts/cpuoct2023.html

Patch Available

https://github.com/openjdk/jdk8u/commit/32ec85f1ee2c9d1cc5109d4c4678d2aadf6dbf09

Patch Available

https://github.com/openjdk/jdk11u/commit/e60621f7f8ade409bc01f84d2be08afc1ccfc2bb

Patch Available

https://github.com/openjdk/jdk17u/commit/3a391232c8aa4fdf54d73ec725bdb4b4e9192bb5

Patch Available

https://github.com/openjdk/jdk21u/commit/86a1699e5ffcc40bd0dd256a3ee824d80fc13988

Patch Available

https://github.com/openjdk/jdk22u/commit/7c80cb26dfb6e90147f5f36d780457eff09e58ad

Event History

Oct 12, 2023
Data Sourced
via Red Hat·09:37 AM
DescriptionSeverityAffected Software
Oct 17, 2023
CVE Published
via Ubuntu·12:00 AM
CVE Published
via MITRE·09:02 PM
Data Sourced
via MITRE·09:02 PM
DescriptionSeverity
Data Sourced
10:15 PM
DescriptionSeverity
Data Sourced
via NVD·10:15 PM
RemedyDescriptionSeverityAffected Software
Jan 13, 2024
Data Sourced
via Launchpad·12:00 AM
Description
Mar 4, 2026
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-22081?

The severity of CVE-2023-22081 is medium with a severity value of 5.3.

2

Which versions of Oracle Java SE are affected by CVE-2023-22081?

Oracle Java SE versions 8u381, 8u381-perf, 11.0.20, 17.0.8, and 20.0.2 are affected by CVE-2023-22081.

3

Which versions of Oracle GraalVM for JDK are affected by CVE-2023-22081?

Oracle GraalVM for JDK versions 17.0.8 and 20.0.2 are affected by CVE-2023-22081.

4

How can CVE-2023-22081 be exploited?

CVE-2023-22081 is an easily exploitable vulnerability that allows unauthorized access.

5

Where can I find more information about CVE-2023-22081?

You can find more information about CVE-2023-22081 at the following references: [Oracle Security Alerts](https://www.oracle.com/security-alerts/cpuoct2023.html) and [Red Hat Security Advisory RHSA-2023:5742](https://access.redhat.com/errata/RHSA-2023:5742).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203