CVE-2016-3443Oracle JDK vulnerability

6 documents6 sources
Severity
9.6CRITICALNVD
EPSS
3.4%
top 12.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle JDKOracle JRE
Timeline
PublishedApr 21
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

🔴Vulnerability Details

2
GHSA
GHSA-wf68-w3c3-xjhm: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via v2022-05-13
CVEList
CVE-2016-3443: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via v2016-04-21

📋Vendor Advisories

2
Red Hat
JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)2016-04-19
Debian
CVE-2016-3443: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote ...2016

💬Community

1
Bugzilla
CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)2016-04-19
CVE-2016-3443 — Oracle JDK vulnerability | cvebase