CVE-2016-5582
Public on 2016-10-25
Modified on 2017-02-06
Description
It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions.
Severity
Critical
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | java-1.6.0-openjdk | 2017-02-06 | ALAS-2017-795 | Fixed |
| HAQM Linux 1 | java-1.7.0-openjdk | 2016-11-18 | ALAS-2016-771 | Fixed |
| HAQM Linux 1 | java-1.8.0-openjdk | 2016-10-27 | ALAS-2016-759 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| HAQM Linux | CVSSv3 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 9.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| NVD | CVSSv2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |