CVE-2016-5582

Public on 2016-10-25
Modified on 2017-02-06
Description
It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions.
Severity
Critical severity
Critical
CVSS v3 Base Score
8.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 java-1.6.0-openjdk 2017-02-06 ALAS-2017-795 Fixed
Amazon Linux 1 java-1.7.0-openjdk 2016-11-18 ALAS-2016-771 Fixed
Amazon Linux 1 java-1.8.0-openjdk 2016-10-27 ALAS-2016-759 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
Amazon Linux CVSSv3 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
NVD CVSSv3 9.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H