CVE-2016-5582 — Improper Access Control in Oracle JDK
Severity
9.6CRITICALNVD
NVD8.3CNA8.3OSV8.3OSV3.1
EPSS
4.3%
top 11.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 25
Latest updateApr 19
Description
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0
Affected Packages2 packages
Patches
🔴Vulnerability Details
8GHSA▶
GHSA-xpxv-6ccf-795w: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integri↗2022-05-13
GHSA▶
GHSA-f57p-w7p5-298g: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integri↗2022-05-13
OSV▶
CVE-2016-5582: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integri↗2016-10-25
📋Vendor Advisories
7📄Research Papers
1💬Community
1Bugzilla▶
CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)↗2016-10-16