It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | java-1.6.0-openjdk | 2017-02-06 18:00 | ALAS-2017-795 |
Amazon Linux 1 | java-1.7.0-openjdk | 2016-11-18 12:30 | ALAS-2016-771 |
Amazon Linux 1 | java-1.8.0-openjdk | 2016-10-27 17:00 | ALAS-2016-759 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Amazon Linux | CVSSv3 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
NVD | CVSSv3 | 9.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |