Home > Software design >  Is OpenJDK impacted by CVE-2022-37434?
Is OpenJDK impacted by CVE-2022-37434?

Time:12-05

I'm trying to determine if OpenJDK is impacted by CVE-2022-37434.

I checked OpenJDK source code and it looks like it's using only following methods from zlib:

  • inflateInit2
  • inflate
  • inflateSetDictionary
  • inflateReset
  • inflateEnd

Method that contains vulnerabilities in zlib is inflateGetHeader, so it looks like that OpenJDK is not affected by this. Can somebody confirm if my reasoning is correct?

CodePudding user response:

Your reasoning is correct.....

  • Related