What is CVE-2018-3169?

CVE-2018-3169 is a vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).

Which versions of Java SE are affected by CVE-2018-3169?

Java SE versions 7u191, 8u182, and 11 are affected by CVE-2018-3169.

How severe is CVE-2018-3169?

CVE-2018-3169 has a severity rating of 8.3 (high).

How can I fix CVE-2018-3169?

To fix CVE-2018-3169, update to the recommended versions of Java SE provided by your software vendor.

Where can I find more information about CVE-2018-3169?

You can find more information about CVE-2018-3169 in the references provided: [Link 1](https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA), [Link 2](https://access.redhat.com/errata/RHSA-2018:2942), [Link 3](https://access.redhat.com/errata/RHSA-2018:2943).

Vulnerability/
CVE-2018-3169

high

8.3

15/10/2018

17/10/2018

21/11/2024

CVE-2018-3169

First published: Mon Oct 15 2018(Updated: )

It was discovered that the Hotspot component of OpenJDK did not perform access checks correctly in certain cases when performing field link resolution. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
debian/openjdk-11		11.0.24+8-2~deb11u1 11.0.25+9-1~deb11u1 11.0.26+4-1
debian/openjdk-8		8u432-b06-2
Oracle JDK 6	=1.7.0-update191
Oracle JDK 6	=1.8.0-update181
Oracle JDK 6	=11.0.0
Oracle Java Runtime Environment (JRE)	=1.7.0-update191
Oracle Java Runtime Environment (JRE)	=1.8.0-update181
Oracle Java Runtime Environment (JRE)	=11.0.0
redhat satellite	=5.6
redhat satellite	=5.7
redhat satellite	=5.8
redhat enterprise Linux desktop	=6.0
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux eus	=7.6
redhat enterprise Linux server	=6.0
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=7.6
redhat enterprise Linux server eus	=7.5
redhat enterprise Linux server tus	=7.6
redhat enterprise Linux workstation	=6.0
redhat enterprise Linux workstation	=7.0
Debian	=8.0
Debian	=9.0
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=18.10
HP P9000 Command View Advanced Edition Software	<8.6.3-00

Remedy

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-3169?
CVE-2018-3169 is a vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
Which versions of Java SE are affected by CVE-2018-3169?
Java SE versions 7u191, 8u182, and 11 are affected by CVE-2018-3169.
How severe is CVE-2018-3169?
CVE-2018-3169 has a severity rating of 8.3 (high).
How can I fix CVE-2018-3169?
To fix CVE-2018-3169, update to the recommended versions of Java SE provided by your software vendor.
Where can I find more information about CVE-2018-3169?
You can find more information about CVE-2018-3169 in the references provided: [Link 1](https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA), [Link 2](https://access.redhat.com/errata/RHSA-2018:2942), [Link 3](https://access.redhat.com/errata/RHSA-2018:2943).

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-3169
agent/severity
agent/remedy
collector/usn-cve
source/Ubuntu
agent/references
agent/description
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/author
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/debian
vendor/oracle
canonical/oracle jdk 6
version/oracle jdk 6/1.7.0-update191
version/oracle jdk 6/1.8.0-update181
version/oracle jdk 6/11.0.0
canonical/oracle java runtime environment (jre)
version/oracle java runtime environment (jre)/1.7.0-update191
version/oracle java runtime environment (jre)/1.8.0-update181
version/oracle java runtime environment (jre)/11.0.0
vendor/redhat
canonical/redhat satellite
version/redhat satellite/5.6
version/redhat satellite/5.7
version/redhat satellite/5.8
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.6
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.6
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.5
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/debian
canonical/debian
version/debian/8.0
version/debian/9.0
vendor/canonical
canonical/ubuntu
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/18.10
vendor/hp
canonical/hp p9000 command view advanced edition software