CVE-2017-3261 — Integer Overflow or Wraparound in Oracle JDK
Severity
4.3MEDIUMNVD
OSV7.5
EPSS
0.9%
top 24.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 27
Latest updateMay 14
Description
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthoriz…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages2 packages
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-4cvq-qgfc-6fqx: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)↗2022-05-14
CVEList▶
CVE-2017-3261: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)↗2017-01-27
OSV▶
CVE-2017-3261: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)↗2017-01-19
📋Vendor Advisories
5Red Hat
▶
Debian▶
CVE-2017-3261: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...↗2017
💬Community
1Bugzilla▶
CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)↗2017-01-16