CVE-2015-4843Incorrect Conversion between Numeric Types in Oracle JDK

CWE-681Incorrect Conversion between Numeric TypesCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
10.0CRITICALNVD
OSV5.0
EPSS
14.1%
top 5.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle JDKOracle JRE
Timeline
PublishedOct 21
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-5hrw-33cx-6w79: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integ2022-05-13
OSV
openjdk-7 vulnerabilities2015-10-28
OSV
CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integ2015-10-21
CVEList
CVE-2015-4843: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integ2015-10-21

📋Vendor Advisories

4
Ubuntu
OpenJDK 6 vulnerabilities2015-12-03
Ubuntu
OpenJDK 7 vulnerabilities2015-10-28
Red Hat
OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)2015-10-20
Debian
CVE-2015-4843: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE E...2015

💬Community

1
Bugzilla
CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)2015-10-19
CVE-2015-4843 — Oracle JDK vulnerability | cvebase