ID:11080 - Exploit for Improper input validation in Oracle GraalVM Enterprise Edition - CVE-2022-34169

 
Published: January 20, 2025


Vulnerability identifier: #VU65495
Vulnerability risk: High
CVE-ID: CVE-2022-34169
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Oracle GraalVM Enterprise Edition

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to compromise the affected system.

The vulnerability exists due to an integer truncation issue when processing malicious XSLT stylesheets. A remote non-authenticated attacker can pass specially crafted data to the application to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.


Remediation

Install updates from the vendor's website.