CVE-2016-3425

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

Severity Score

4.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.

Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con JAXP.

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2016-03-17 CVE Reserved
2016-04-20 CVE Published
2024-10-15 CVE Updated
2025-05-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (27)

URL	Tag	Source
http://www.securityfocus.com/bid/86434	Vdb Entry
http://www.securitytracker.com/id/1035596	Vdb Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10159	X_refsource_confirm
https://security.netapp.com/advisory/ntap-20160420-0001	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html	2022-05-13
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html	2022-05-13
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html	2022-05-13
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html	2022-05-13
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html	2022-05-13
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html	2022-05-13
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html	2022-05-13
http://rhn.redhat.com/errata/RHSA-2016-0650.html	2022-05-13
http://rhn.redhat.com/errata/RHSA-2016-0651.html	2022-05-13
http://rhn.redhat.com/errata/RHSA-2016-0675.html	2022-05-13
http://rhn.redhat.com/errata/RHSA-2016-0676.html	2022-05-13
http://rhn.redhat.com/errata/RHSA-2016-0677.html	2022-05-13
http://rhn.redhat.com/errata/RHSA-2016-0678.html	2022-05-13
http://rhn.redhat.com/errata/RHSA-2016-0679.html	2022-05-13
http://rhn.redhat.com/errata/RHSA-2016-0723.html	2022-05-13
http://www.debian.org/security/2016/dsa-3558	2022-05-13
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	2022-05-13
http://www.ubuntu.com/usn/USN-2963-1	2022-05-13
http://www.ubuntu.com/usn/USN-2964-1	2022-05-13
http://www.ubuntu.com/usn/USN-2972-1	2022-05-13
https://security.gentoo.org/glsa/201606-18	2022-05-13
https://access.redhat.com/security/cve/CVE-2016-3425	2016-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=1328040	2016-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0"		update113		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0"		update99		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0"		update77		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.6.0 Search vendor "Oracle" for product "Jre" and version "1.6.0"		update113		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0"		update99		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.8.0 Search vendor "Oracle" for product "Jre" and version "1.8.0"		update77		Affected
Oracle Search vendor "Oracle"		Jrockit Search vendor "Oracle" for product "Jrockit"				r28.3.9 Search vendor "Oracle" for product "Jrockit" and version "r28.3.9"		-		Affected