Oracle has issued patches for a serious flaw in Java versions 15 to 18 which allows malicious actors to trivially forge digital signatures and TLS certificates that Java then accepts as valid.
The problem lies in the Elliptic Curve Digital Signature Algorithm (ECDSA) which was re-written for Java 15 and this introduced the flaw which is tracked as CVE-2022-21449.
ECDSA relies on the generation and comparison of two values (r and s) after performing the cryptographic operations. A value of zero for either of these numbers is not valid and the ECDSA implementation is supposed to check for a zero and if it finds one go back to the beginning and try with a new random starting point. The new Java implementation forgot the ‘check for a zero’ bit which is a problem because anything multiplied by a zero is zero. Which means any forged digital signature created with r and s values of zero would be considered valid by Java (and easy for a malicious actor to create).
This vulnerability is fixed along with 6 more remotely exploitable without authentication in the April Critical Patch Update from Oracle which contains a total of 520 patches across Oracle’s product range.