CVE-2016-0264 — MEDIUM (5.6)

Q: How severe is CVE-2016-0264?

CVE-2016-0264 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-0264?

Check the references section above for vendor advisories and patch information. Affected products include: Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Ibm Java Sdk, Redhat Satellite, Redhat Enterprise Linux Desktop.

Vulnerability Description

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Ibm	Java Sdk	>= 6.0.0.0, < 6.0.16.25
Redhat	Satellite	5.6
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Hpc Node Supplementary	6.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Eus	6.7
Redhat	Enterprise Linux Workstation	5.0
Suse	Suse Linux Enterprise Server	12
Suse	Manager	2.1
Suse	Manager Proxy	2.1
Suse	Openstack Cloud	5

Related Weaknesses (CWE)

CWE-119

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0701.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0702.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0708.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0716.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1039.htmlThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21980826Vendor Advisory

FAQ

What is CVE-2016-0264?

CVE-2016-0264 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP4...

How severe is CVE-2016-0264?

CVE-2016-0264 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0264?

Check the references section above for vendor advisories and patch information. Affected products include: Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Ibm Java Sdk, Redhat Satellite, Redhat Enterprise Linux Desktop.