CVE-2016-3443

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-3443
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html
http://rhn.redhat.com/errata/RHSA-2016-0677.html
http://rhn.redhat.com/errata/RHSA-2016-0678.html
http://rhn.redhat.com/errata/RHSA-2016-0679.html
http://rhn.redhat.com/errata/RHSA-2016-0701.html
http://rhn.redhat.com/errata/RHSA-2016-0702.html
http://rhn.redhat.com/errata/RHSA-2016-0708.html
http://rhn.redhat.com/errata/RHSA-2016-0716.html
http://rhn.redhat.com/errata/RHSA-2016-1039.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Vendor Advisory
http://www.securityfocus.com/bid/86482
http://www.securitytracker.com/id/1035596
http://www.zerodayinitiative.com/advisories/ZDI-16-376
https://access.redhat.com/errata/RHSA-2016:1430
https://access.redhat.com/errata/RHSA-2017:1216
https://security.gentoo.org/glsa/201606-18
https://security.netapp.com/advisory/ntap-20160420-0001/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:jdk:1.6.0:update113:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update99:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update77:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update113:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update99:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update77:*:*:*:*:*:*
History

No history.

Information

Published : 2016-04-21 11:00

Updated : 2024-02-28 15:21

NVD link : CVE-2016-3443

Mitre link : CVE-2016-3443

CVE.ORG link : CVE-2016-3443

JSON object : View

Products Affected

oracle

  • jdk
  • jre
CWE
NVD-CWE-noinfo