It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory.
Find out more about CVE-2016-5547 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 5.3 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity Impact | None |
Availability Impact | Low |
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) | RHSA-2017:0269 | 2017-02-13 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2017:0180 | 2017-01-20 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2017:1216 | 2017-05-09 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | RHSA-2017:0175 | 2017-01-19 |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2017:0180 | 2017-01-20 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2017:0176 | 2017-01-19 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.8.0-ibm) | RHSA-2017:0263 | 2017-02-09 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) | RHSA-2017:0263 | 2017-02-09 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2017:0176 | 2017-01-19 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2017:0175 | 2017-01-19 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2017:0336 | 2017-02-28 |
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2017:0337 | 2017-02-28 |
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2017:1216 | 2017-05-09 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) | RHSA-2017:0176 | 2017-01-19 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2017:0336 | 2017-02-28 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2017:0269 | 2017-02-13 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2017:0269 | 2017-02-13 |