CVE-2022-21549

Public on 2022-07-18

Modified on 2024-01-17

Description

computeNextExponential sometimes returns negative numbers contrary to the documentation.

Severity

Medium

CVSS v3 Base Score

5.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	java-1.7.0-openjdk			Not Affected
Amazon Linux 1	java-1.8.0-openjdk			Not Affected
Amazon Linux 2 - Core	java-1.8.0-openjdk			Not Affected
Amazon Linux 2 - Core	java-11-amazon-corretto			Not Affected
Amazon Linux 2 - Java-openjdk11 Extra	java-11-openjdk			Not Affected
Amazon Linux 2 - Core	java-17-amazon-corretto	2022-07-19	ALAS2-2022-1824	Fixed
Amazon Linux 2023	java-17-amazon-corretto			Not Affected

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
NVD	CVSSv3	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Red Hat: CVE-2022-21549 Mitre: CVE-2022-21549