CVE-2016-3606Oracle JDK vulnerability

12 documents8 sources
Severity
9.6CRITICALNVD
OSV4.3
EPSS
3.9%
top 11.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle JDKOracle JREOracle Linux
Timeline
PublishedJul 21
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

NVDoracle/jdk1.7.0, 1.8.0+1
NVDoracle/jre1.7.0, 1.8.0+1
NVDoracle/linux5.0, 6.0, 7.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
GHSA
GHSA-c3fp-g88j-7h59: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and2022-05-13
OSV
openjdk-7 vulnerabilities2016-08-16
OSV
openjdk-8 vulnerabilities2016-07-27
OSV
CVE-2016-3606: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and2016-07-21
CVEList
CVE-2016-3606: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and2016-07-21

📋Vendor Advisories

5
Ubuntu
OpenJDK 6 vulnerabilities2016-09-12
Ubuntu
OpenJDK 7 vulnerabilities2016-08-16
Ubuntu
OpenJDK 8 vulnerabilities2016-07-27
Red Hat
OpenJDK: insufficient bytecode verification (Hotspot, 8155981)2016-07-19
Debian
CVE-2016-3606: openjdk-8 - Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded ...2016

💬Community

1
Bugzilla
CVE-2016-3606 OpenJDK: insufficient bytecode verification (Hotspot, 8155981)2016-07-15
CVE-2016-3606 — Oracle JDK vulnerability | cvebase