The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Link Providers
http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/07/19/5 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/07/19/6 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/07/20/2 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/07/20/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/10/18/2 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/11/04/8 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/11/07/2 cve-icon cve-icon
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw cve-icon cve-icon
https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-34169 cve-icon
https://security.gentoo.org/glsa/202401-25 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20220729-0009/ cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20240621-0006/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-34169 cve-icon
https://www.debian.org/security/2022/dsa-5188 cve-icon cve-icon
https://www.debian.org/security/2022/dsa-5192 cve-icon cve-icon
https://www.debian.org/security/2022/dsa-5256 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
History

Mon, 25 Nov 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

Wed, 06 Nov 2024 02:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9

Wed, 16 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Vendors & Products Redhat jboss Enterprise Application Platform

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-07-19T00:00:00

Updated: 2024-08-03T08:16:17.277Z

Reserved: 2022-06-21T00:00:00

Link: CVE-2022-34169

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-07-19T18:15:11.740

Modified: 2024-11-21T07:08:59.400

Link: CVE-2022-34169

cve-icon Redhat

Severity : Important

Publid Date: 2022-07-19T20:00:00Z

Links: CVE-2022-34169 - Bugzilla