CVE-2023-2004 - OpenCVE

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openjdk

No data.

Package	CPE	Advisory	Released Date
Red Hat Build of OpenJDK 11.0.21
java-11-openjdk-portable	cpe:/a:redhat:openjdk:11	RHSA-2023:5734	2023-10-18T00:00:00Z
Red Hat Build of OpenJDK 17.0.9
java-17-openjdk-portable	cpe:/a:redhat:openjdk:17	RHSA-2023:5745	2023-10-18T00:00:00Z

References

Link	Providers
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
https://www.cve.org/CVERecord?id=CVE-2023-2004

History

No history.

MITRE

Status: REJECTED

Assigner: redhat

Published:

Updated: 2023-05-26T00:00:00

Reserved: 2023-04-12T00:00:00

Link: CVE-2023-2004

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2023-04-14T21:15:08.547

Modified: 2023-11-07T04:11:40.947

Link: CVE-2023-2004

Redhat

Severity :

Publid Date: 2022-11-14T00:00:00Z

Links: CVE-2023-2004 - Bugzilla

{"affected_release": [{"advisory": "RHSA-2023:5734", "cpe": "cpe:/a:redhat:openjdk:11", "package": "java-11-openjdk-portable", "product_name": "Red Hat Build of OpenJDK 11.0.21", "release_date": "2023-10-18T00:00:00Z"}, {"advisory": "RHSA-2023:5745", "cpe": "cpe:/a:redhat:openjdk:17", "package": "java-17-openjdk-portable", "product_name": "Red Hat Build of OpenJDK 17.0.9", "release_date": "2023-10-18T00:00:00Z"}], "bugzilla": {"description": "freetype: integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c", "id": "2186428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186428"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status": "verified"}, "cwe": "CWE-190", "details": ["This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. This flaw causes an application to crash or leads to a denial of service."], "name": "CVE-2023-2004", "package_state": [{"cpe": "cpe:/a:redhat:openjdk:1.8", "fix_state": "Affected", "package_name": "java-11-openjdk-portable", "product_name": "Red Hat build of OpenJDK 1.8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "java-11-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "java-17-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "java-11-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "java-17-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libreoffice:flatpak/java-11-openjdk", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-11-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2004\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2004\nhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462"], "statement": "Red Hat Product Security does not consider this to be a vulnerability.", "upstream_fix": "freetype 2.13.0"}