<p>Upgrade <code>org.graalvm.sdk:graal-sdk</code> to version 21.0.1 or higher.</p>

Buffer Overflow Affecting org.graalvm.sdk:graal-sdk package, versions [21.0.0,21.0.1)

Threat Intelligence

Proof of concept

0.07% (32^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGGRAALVMSDK-6026508
published 22 Oct 2023
disclosed 22 Oct 2023
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 22 Oct 2023

CVE-2023-22025 Open this link in a new tab CWE-120 Open this link in a new tab

How to fix?

Upgrade org.graalvm.sdk:graal-sdk to version 21.0.1 or higher.

Overview

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Buffer Overflow in LoadVectorMaskedNode::Ideal() in the hotspot compiler, when running unstrusted code.

Note: This vulnerability is only exploitable when AVX-512 is enabled (-XX:UseAVX=3).

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

Low
Availability (A)

None

Buffer Overflow Affecting org.graalvm.sdk:graal-sdk package, versions [21.0.0,21.0.1)

Severity

CVSS assessment made by Snyk's Security Team

Threat Intelligence

Introduced: 22 Oct 2023

How to fix?

Overview

References

CVSS Scores

Snyk

NVD

SUSE

Red Hat