JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service the attacker has access to. The attacker can supply a TopicConnectionFactoryBindingName configuration value that causes JMSSink to perform JNDI requests, resulting in remote code execution in a similar fashion to CVE-2021-4104. Note that this issue only affects Log4j 1.x when it is specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2, as it addresses numerous other issues from the previous versions. The signatures listed below all target JDBCAppender.java rather than JMSSink, so a signature match should be checked against the referenced commit and the deployed configuration before concluding that the JMSSink issue applies.
[
{
"signature_version": "v1",
"id": "CVE-2022-23302-01346bfb",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getConnection"
},
"digest": {
"function_hash": "229332111713677933102807746861574347653",
"length": 281.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-19c0d550",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getLogStatement"
},
"digest": {
"function_hash": "270684450888807159696430132664370127464",
"length": 77.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-240df131",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "execute"
},
"digest": {
"function_hash": "118001609627180170022662501419747263095",
"length": 250.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-36e9cb7d",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setSql"
},
"digest": {
"function_hash": "185664538515356219335872689412993714456",
"length": 190.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-3800960d",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setBufferSize"
},
"digest": {
"function_hash": "135705115141542302283357391193406670967",
"length": 126.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-4b770bc9",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getBufferSize"
},
"digest": {
"function_hash": "277922588379324964645318275604912417022",
"length": 42.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-544fd588",
"signature_type": "Line",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java"
},
"digest": {
"line_hashes": [
"54875113945747903846184934186189496129",
"155639873397643663327544406949425509781",
"248593515572713955226393538468314184102",
"177338705595109262832408157303630120961",
"54969589512873098220329705269313950872",
"50128295479346590514067011337208504882",
"263595027741115370523312888102403757349",
"128000765136990251065282957451463718538",
"336465973610784321648444982993644685906",
"282252861438033699083703037813510169360",
"274193621373044831874524153574381856346",
"178689932047095173727127799780500554116",
"103009779702994047860021562195043113529",
"170898989125553315857542379309654580859",
"248324180983586920251166012605765926053",
"86813562956464549376628643729681012789",
"191587714656142460675239461587984568013",
"50070021005868208872137384571543936511",
"194475405198163838230578780840335551786",
"198635663030684027639153368043900281024",
"198331663983005940152885992745504965268",
"86126037283605146017923621980914036432",
"310385427782325903609488384202973999628",
"130333720266119163603703108689680499205",
"182344192102083165273280087876963279821",
"292027368941339937446240806062450616637",
"224714900132149383269609281277549792049",
"7395584678725243477510514256870041647",
"181619309110553034228638281755584509225",
"50310289343635155085094007606665168990",
"6092085524425311452588706282165084638",
"305337713044601580688090545766364433857",
"226165542825059218830309740728165120420",
"289449965058043209992729573014815198813",
"212634283579970540279134743473123255481",
"161867005669675175421361109201141107495",
"237744605316349151570555948314485207629",
"166662847891152600395160395404858402778",
"45972831642117762786084575481211722099",
"21855936516115135998000351573271992117",
"299631208690440794016168237121661649272",
"274959824624165360624456804288197413227",
"251618482475154015674895815178174011072",
"41722033093359923112412689341977416624",
"98355026312370344746140443820758271415",
"35916872810092410682540961324814087555",
"106697109029959314978171886649085988366",
"27758599605586396497021162275435845280",
"187172850734512478378111636370098864058",
"201815295426669917237618675335119380371",
"278391739645131710853985149059843009532",
"211849547030803897038136137112443746855",
"61453366180349576478217608862864372243",
"181119809376401772488742093277572500885",
"271505963742121282085100382798577493871",
"262931734221575353617386371840058546089",
"36237627278739407895905940594515941649",
"88929801789832107075643876158629864631",
"109438897804792142645875517442794464241",
"100027431249135074247958456854684726340",
"280768824680112349074688225110563138428",
"186210545427152720890730075040215046646",
"36019099146866701219283042427855259423",
"46034822312190028682988765185407074779",
"301451908370811842593242020316859960047",
"293325715267915905031617930664776626775",
"37282328609117012701227874760381210002",
"160349808761488875838347786511357460586",
"43663139986710398330705943202509093047",
"972830713496538912239889134882960316",
"1661205361001691339654700101005204721",
"265461753913825171765188475764058859737",
"98690129755861172109978719580821151771",
"304618822834124835717965161225852033562",
"40276754173518987519369044155663654704",
"102764040594288070961741384461758284391",
"255550983384870347126499652861386144288",
"41317504179612232833568301664126329167",
"256441057049695684727370618570428696972",
"131791664669517208624942950064301253143",
"285079431208876479780639974657471100342",
"208106868341429785083088019538185111021",
"10518320100614721684719806326451742479",
"215317462872548879311282847331154208976",
"198030525472843889115287185933616003978",
"11735076258830389967322446451924259500",
"159867483231891255771523858402285400955",
"287727181398583824045478376676029163239",
"151081655941359298072693308654502157436",
"193075100079424200744353308237442530207",
"297535079468872394001908213252685337114",
"202295497782179663657665499700633852177",
"286473885719340469389527641953480286125",
"79035680103169361956534473073511856776",
"73496389807007547124997398986650305806",
"196843685809570485868093606652085627473",
"19019805076934074296033323600452709883",
"202233865823301819311409088818247707344",
"146924343159583726510263485115583796783",
"67688985138137002208904676711646085295",
"187758591920676926879304884513807483177",
"312312522946183357771911218678676042660",
"162057776999765546480077544888192642006",
"301189363040255254769939087463719282487",
"73437106389556138674143520799566752807",
"265643224906837184039594968400363725894",
"27051413018958958726943348781283453247",
"273485380106913205244044697964754507227",
"111094510762880191429512718847343629151",
"32836941889390845596584652090167257765",
"218845629207107560981730593448294321920",
"297802959149840625864565763583869162498",
"176783018540480095741906840387587357657",
"109058676624542350274485672404688103492",
"119921168604849227479382905322545593647",
"159081896540628859389632197399589293505",
"3049622438249960124266590007595575277",
"77449200277985328346312627428612889539",
"173969509425089567971888946188091094264",
"146092313952150133331545717138381689602",
"182958831464044865929399700174088208057",
"279723878663702805418309467246398239990",
"75741066188628439355810889110326547725",
"302597788336685283631740533602127513733",
"165333005634369905404050794688794028358",
"132850213325696792035660270647608938082",
"272687849177589332495007978881916278088",
"17611512927439146281720666889690521576",
"117541517591426627253659721748040186466",
"206920131881893652745225434723079925909",
"206956317257923047929595198294337716401",
"63384411156087881258629920514458135039",
"44259006285758427528508479497849022809",
"124333112159344828496005775563029356936",
"80057735875247189376013196585606894299",
"327116553614759972593428098472021721962",
"151360377759107736282417679374029983427",
"211271231428139071615781892558616512384",
"146945854854902378678362000871562138328",
"339273328420201235357040014531954442232",
"115738311481710915221389067168483725878",
"255732452867400791330170324821045164627",
"65566238408494342052680698576158076661",
"242640706658904267019717904415764559543",
"268531287589130513242614505371993956612"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-57f9523c",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "requiresLayout"
},
"digest": {
"function_hash": "221347515604444174158561154025210479869",
"length": 36.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-7485c30f",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "finalize"
},
"digest": {
"function_hash": "208972022311035733844886350694903749572",
"length": 37.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-7b9fae32",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "closeConnection"
},
"digest": {
"function_hash": "290651339905754313338839002053528397135",
"length": 34.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-8c38a6d3",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getURL"
},
"digest": {
"function_hash": "238800061511443133837888387550602396811",
"length": 43.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-96225ffa",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getLocationInfo"
},
"digest": {
"function_hash": "156110009248239162566025104058112439404",
"length": 44.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-9a9834c9",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "flushBuffer"
},
"digest": {
"function_hash": "12450017771832892377555454072943694806",
"length": 451.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-a427d138",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setLocationInfo"
},
"digest": {
"function_hash": "279019664130890560140419166092181074118",
"length": 63.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-a4f3e405",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setURL"
},
"digest": {
"function_hash": "290158768240479956621356202327473687745",
"length": 56.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-c80f5b31",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setDriver"
},
"digest": {
"function_hash": "105859475583218370481865950753380933304",
"length": 185.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-d44d45d9",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setUser"
},
"digest": {
"function_hash": "302252732763328126835664180549069023807",
"length": 57.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-d9b85e1c",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "close"
},
"digest": {
"function_hash": "42582326461069237128948546438252204455",
"length": 273.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-dca7343d",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getPassword"
},
"digest": {
"function_hash": "211380759106536582900672555249066702222",
"length": 48.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-e9fa5f2f",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "JDBCAppender"
},
"digest": {
"function_hash": "52012331234289178273958542727816959467",
"length": 107.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-eb9eeb37",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setPassword"
},
"digest": {
"function_hash": "325086023965287910712216448656503599898",
"length": 61.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-ed55eaa9",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "append"
},
"digest": {
"function_hash": "324622265363077343648228771224018499413",
"length": 284.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-f2d7706c",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getUser"
},
"digest": {
"function_hash": "238057679355050308950840042255478586491",
"length": 44.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
},
{
"signature_version": "v1",
"id": "CVE-2022-23302-fdcd3eca",
"signature_type": "Function",
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getSql"
},
"digest": {
"function_hash": "288393607012684171787768727765815577593",
"length": 44.0
},
"deprecated": false,
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99"
}
]