Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-34169

Good to know:

icon

Date: July 19, 2022

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Language: Java

Severity Score

Related Resources (34)

http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
https://security.gentoo.org/glsa/202401-25
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
https://security-tracker.debian.org/tracker/CVE-2022-34169
https://www.debian.org/security/2022/dsa-5256
https://security.netapp.com/advisory/ntap-20220729-0009/
http://www.openwall.com/lists/oss-security/2022/07/19/6
http://www.openwall.com/lists/oss-security/2022/07/19/5
https://www.debian.org/security/2022/dsa-5192
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
https://security.alpinelinux.org/vuln/CVE-2022-34169
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
https://nvd.nist.gov/vuln/detail/CVE-2022-34169
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
http://www.openwall.com/lists/oss-security/2022/11/04/8
http://www.openwall.com/lists/oss-security/2022/11/07/2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
http://www.openwall.com/lists/oss-security/2022/07/20/2
http://www.openwall.com/lists/oss-security/2022/07/20/3
https://www.oracle.com/security-alerts/cpujul2022.html
https://access.redhat.com/security/cve/CVE-2022-34169
https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
https://www.debian.org/security/2022/dsa-5188
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
http://www.openwall.com/lists/oss-security/2022/10/18/2
https://www.mend.io/vulnerability-database/CVE-2022-34169

Severity Score

Weakness Type (CWE)

Incorrect Conversion between Numeric Types

CWE-681

Top Fix

icon

Upgrade Version

Upgrade to version xalan:xalan:2.7.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us