CVE-2022-34169

HIGH

Apache Xalan <2.7.3 - Code Injection

Description

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Exploits (3)

nomisec WORKING POC 93 stars
by flowerwind · poc
https://github.com/flowerwind/AutoGenerateXalanPayload
nomisec WORKING POC 2 stars
by Disnaming · poc
https://github.com/Disnaming/CVE-2022-34169
nomisec SCANNER
by bor8 · poc
https://github.com/bor8/CVE-2022-34169

References (24)

... and 4 more

Scores

CVSS v3 7.5
EPSS 0.0666
EPSS Percentile 91.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-681
Status published
Products (35)
apache/xalan-java < 2.7.2
azul/zulu 6.47
azul/zulu 7.54
azul/zulu 8.62
azul/zulu 11.56
azul/zulu 13.48
azul/zulu 15.40
azul/zulu 17.34
azul/zulu 18.30
debian/debian_linux 10.0
... and 25 more
Published Jul 19, 2022
Tracked Since Feb 18, 2026