QwikSec

Security Database

CVE

CWE

Training

CVE-2022-34169

Published: Jul 19, 2022

Modified: May 27, 2026

PUBLISHED

Description

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Vendor	Product	Versions
Apache Software Foundation	Apache Xalan-J	affected `Xalan-J - <= 2.7.2`

References

https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

mailing-list

https://www.oracle.com/security-alerts/cpujul2022.html

[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

mailing-list

[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

mailing-list

[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

mailing-list

vendor-advisory

vendor-advisory

https://security.netapp.com/advisory/ntap-20220729-0009/

FEDORA-2022-19b6f21746

vendor-advisory

FEDORA-2022-ae563934f7

vendor-advisory

FEDORA-2022-e573851f56

vendor-advisory

FEDORA-2022-d26586b419

vendor-advisory

FEDORA-2022-80afe2304a

vendor-advisory

FEDORA-2022-b76ab52e73

vendor-advisory

http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html

[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

mailing-list

[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update

mailing-list

vendor-advisory

[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing

mailing-list

[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing

mailing-list

https://security.gentoo.org/glsa/202401-25

https://security.netapp.com/advisory/ntap-20240621-0006/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.