VIR Vulnerability Intelligence Relay

CVE-2010-3559

critical
Published 2010-10-19 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
10.0

Description

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
sunjre{"endIncluding":"1.6.0"}
sunjre1.6.0
sunjdk{"endIncluding":"1.6.0"}
sunjdk1.6.0
sunjdk1.5.0
sunsdk{"endIncluding":"1.4.2_27"}
sunsdk1.4.2
sunsdk1.4.2_1
sunsdk1.4.2_02
sunsdk1.4.2_3
sunsdk1.4.2_4
sunsdk1.4.2_5
sunsdk1.4.2_6
sunsdk1.4.2_7
sunsdk1.4.2_8
sunsdk1.4.2_9
sunsdk1.4.2_10
sunsdk1.4.2_11
sunsdk1.4.2_12
sunsdk1.4.2_13
sunsdk1.4.2_14
sunsdk1.4.2_15
sunsdk1.4.2_16
sunsdk1.4.2_17
sunsdk1.4.2_18
sunsdk1.4.2_19
sunsdk1.4.2_20
sunsdk1.4.2_21
sunsdk1.4.2_22
sunsdk1.4.2_23
sunsdk1.4.2_24
sunsdk1.4.2_25
sunsdk1.4.2_26
sunjre1.5.0
sunjre1.4.2
sunjre1.4.2_1
sunjre1.4.2_2
sunjre1.4.2_3
sunjre1.4.2_4
sunjre1.4.2_5
sunjre1.4.2_6
sunjre1.4.2_7
sunjre1.4.2_8
sunjre1.4.2_9
sunjre1.4.2_10
sunjre1.4.2_11
sunjre1.4.2_12
sunjre1.4.2_13
sunjre1.4.2_14
sunjre1.4.2_15
sunjre1.4.2_16
sunjre1.4.2_17
sunjre1.4.2_18
sunjre1.4.2_19
sunjre1.4.2_20
sunjre1.4.2_21
sunjre1.4.2_22
sunjre1.4.2_23
sunjre1.4.2_24
sunjre1.4.2_25
sunjre1.4.2_26
sunjdk1.3.0
sunjdk1.3.0_01
sunjdk1.3.0_02
sunjdk1.3.0_03
sunjdk1.3.0_04
sunjdk1.3.0_05
sunjdk1.3.1
sunjdk1.3.1_01
sunjdk1.3.1_01a
sunjdk1.3.1_02
sunjdk1.3.1_03
sunjdk1.3.1_04
sunjdk1.3.1_05
sunjdk1.3.1_06
sunjdk1.3.1_07
sunjdk1.3.1_08
sunjdk1.3.1_09
sunjdk1.3.1_10
sunjdk1.3.1_11
sunjdk1.3.1_12
sunjdk1.3.1_13
sunjdk1.3.1_14
sunjdk1.3.1_15
sunjdk1.3.1_16
sunjdk1.3.1_17
sunjdk1.3.1_18
sunjdk1.3.1_19
sunjdk1.3.1_20
sunjdk1.3.1_21
sunjdk1.3.1_22
sunjdk1.3.1_23
sunjdk1.3.1_24
sunjdk1.3.1_25
sunjdk1.3.1_26
sunjdk1.3.1_27
sunjre1.3.0
sunjre1.3.1
sunjre1.3.1_2
sunjre1.3.1_03
sunjre1.3.1_04
sunjre1.3.1_05
sunjre1.3.1_06
sunjre1.3.1_07
sunjre1.3.1_08
sunjre1.3.1_09
sunjre1.3.1_10
sunjre1.3.1_11
sunjre1.3.1_12
sunjre1.3.1_13
sunjre1.3.1_14
sunjre1.3.1_15
sunjre1.3.1_16
sunjre1.3.1_17
sunjre1.3.1_18
sunjre1.3.1_19
sunjre1.3.1_20
sunjre1.3.1_21
sunjre1.3.1_22
sunjre1.3.1_23
sunjre1.3.1_24
sunjre1.3.1_25
sunjre1.3.1_26
sunjre1.3.1_27
sunsdk1.3.0
sunsdk1.3.0_01
sunsdk1.3.0_02
sunsdk1.3.0_03
sunsdk1.3.0_04
sunsdk1.3.0_05
sunsdk1.3.1
sunsdk1.3.1_01
sunsdk1.3.1_01a
sunsdk1.3.1_02
sunsdk1.3.1_03
sunsdk1.3.1_04
sunsdk1.3.1_05
sunsdk1.3.1_06
sunsdk1.3.1_07
sunsdk1.3.1_08
sunsdk1.3.1_09
sunsdk1.3.1_10
sunsdk1.3.1_11
sunsdk1.3.1_12
sunsdk1.3.1_13
sunsdk1.3.1_14
sunsdk1.3.1_15
sunsdk1.3.1_16
sunsdk1.3.1_17
sunsdk1.3.1_18
sunsdk1.3.1_19
sunsdk1.3.1_20
sunsdk1.3.1_21
sunsdk1.3.1_22
sunsdk1.3.1_23
sunsdk1.3.1_24
sunsdk1.3.1_25
sunsdk1.3.1_26
sunsdk1.3.1_27

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.