CVE-2015-4843: Integer Overflow
First published: Mon Oct 19 2015(Updated: )
Multiple integer overflow issues were found in the implementation of Buffers in the java.nio (Non-blocking I/O) packages in the Libraries component of OpenJDK. These could lead to out of bounds buffer access and Java Virtual Machine memory corruption. An untursted Java application or applet could use these flaws to run arbitrary code with the Java Virtual Machine privileges or bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK 6 | =1.6.0-update101 | |
| Oracle JDK 6 | =1.7.0-update85 | |
| Oracle JDK 6 | =1.8.0-update51 | |
| Oracle JDK 6 | =1.8.0-update60 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update_101 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update_85 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update_51 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update_60 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
- http://rhn.redhat.com/errata/RHSA-2015-1919.html
- http://rhn.redhat.com/errata/RHSA-2015-1920.html
- http://rhn.redhat.com/errata/RHSA-2015-1921.html
- http://rhn.redhat.com/errata/RHSA-2015-1926.html
- http://rhn.redhat.com/errata/RHSA-2015-1927.html
- http://rhn.redhat.com/errata/RHSA-2015-1928.html
- http://rhn.redhat.com/errata/RHSA-2015-2506.html
- http://rhn.redhat.com/errata/RHSA-2015-2507.html
- http://rhn.redhat.com/errata/RHSA-2015-2508.html
- http://rhn.redhat.com/errata/RHSA-2015-2509.html
- http://rhn.redhat.com/errata/RHSA-2015-2518.html
- http://www.debian.org/security/2015/dsa-3381
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/77160
- http://www.securitytracker.com/id/1033884
- http://www.ubuntu.com/usn/USN-2784-1
- http://www.ubuntu.com/usn/USN-2827-1
- https://access.redhat.com/errata/RHSA-2016:1430
- https://security.gentoo.org/glsa/201603-11
- https://security.gentoo.org/glsa/201603-14
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2015-1921.html
- https://rhn.redhat.com/errata/RHSA-2015-1920.html
- https://rhn.redhat.com/errata/RHSA-2015-1919.html
- https://rhn.redhat.com/errata/RHSA-2015-1928.html
- https://rhn.redhat.com/errata/RHSA-2015-1926.html
- https://rhn.redhat.com/errata/RHSA-2015-1927.html
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/22ae2d11ff54
- https://rhn.redhat.com/errata/RHSA-2015-2086.html
- https://rhn.redhat.com/errata/RHSA-2015-2508.html
- https://rhn.redhat.com/errata/RHSA-2015-2507.html
- https://rhn.redhat.com/errata/RHSA-2015-2509.html
- https://rhn.redhat.com/errata/RHSA-2015-2506.html
- https://rhn.redhat.com/errata/RHSA-2015-2518.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1273053
Frequently Asked Questions
What is the severity of CVE-2015-4843?
CVE-2015-4843 is considered a high severity vulnerability due to its potential to cause out-of-bounds buffer access and memory corruption.
How do I fix CVE-2015-4843?
To fix CVE-2015-4843, you should update to a patched version of Oracle JDK or JRE that addresses the integer overflow issues.
Which versions of software are affected by CVE-2015-4843?
CVE-2015-4843 affects Oracle JDK versions 1.6.0-update101, 1.7.0-update85, and 1.8.0-update60 and 1.8.0-update51, as well as corresponding JRE versions.
What are the potential impacts of CVE-2015-4843?
The potential impacts of CVE-2015-4843 include increased risk of exploitation by untrusted Java applications leading to memory corruption.
Is CVE-2015-4843 a remote exploit?
CVE-2015-4843 can be exploited by malicious Java applications or applets, making it possible for attackers to execute code remotely.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-4843
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.6.0-update101
- version/oracle jdk 6/1.7.0-update85
- version/oracle jdk 6/1.8.0-update51
- version/oracle jdk 6/1.8.0-update60
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.6.0-update_101
- version/oracle java runtime environment (jre)/1.7.0-update_85
- version/oracle java runtime environment (jre)/1.8.0-update_51
- version/oracle java runtime environment (jre)/1.8.0-update_60