CVE-2013-2465
Summary
| CVE | CVE-2013-2465 |
|---|---|
| State | PUBLISHED |
| Assigner | oracle |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-06-18 22:55:02 UTC |
| Updated | 2026-04-22 13:08:16 UTC |
| Description | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.932200000 probability, percentile 0.998020000 (date 2026-04-22)
CISA KEV: Listed on 2022-03-28; due 2022-04-18; ransomware use Known
Problem Types: NVD-CWE-noinfo | CWE-693 | n/a | CWE-693 Protection Mechanism Failure
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 10 | | AV:N/AC:L/Au:N/C:C/I:C/A:C |
CVSS v3.1 Breakdown
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality: Complete
Integrity: Complete
Availability: Complete
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CISA Known Exploited Vulnerability
| Vendor | Oracle |
|---|---|
| Product | Java SE |
| Name | Oracle Java SE Unspecified Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2013-2465 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Jre | 1.5.0 | - | All | All |
| Application | Oracle | Jre | 1.5.0 | update36 | All | All |
| Application | Oracle | Jre | 1.5.0 | update38 | All | All |
| Application | Oracle | Jre | 1.5.0 | update39 | All | All |
| Application | Oracle | Jre | 1.5.0 | update40 | All | All |
| Application | Oracle | Jre | 1.5.0 | update41 | All | All |
| Application | Oracle | Jre | 1.5.0 | update45 | All | All |
| Application | Oracle | Jre | 1.6.0 | - | All | All |
| Application | Oracle | Jre | 1.6.0 | update22 | All | All |
| Application | Oracle | Jre | 1.6.0 | update23 | All | All |
| Application | Oracle | Jre | 1.6.0 | update24 | All | All |
| Application | Oracle | Jre | 1.6.0 | update25 | All | All |
| Application | Oracle | Jre | 1.6.0 | update26 | All | All |
| Application | Oracle | Jre | 1.6.0 | update27 | All | All |
| Application | Oracle | Jre | 1.6.0 | update29 | All | All |
| Application | Oracle | Jre | 1.6.0 | update30 | All | All |
| Application | Oracle | Jre | 1.6.0 | update31 | All | All |
| Application | Oracle | Jre | 1.6.0 | update32 | All | All |
| Application | Oracle | Jre | 1.6.0 | update33 | All | All |
| Application | Oracle | Jre | 1.6.0 | update34 | All | All |
| Application | Oracle | Jre | 1.6.0 | update35 | All | All |
| Application | Oracle | Jre | 1.6.0 | update37 | All | All |
| Application | Oracle | Jre | 1.6.0 | update38 | All | All |
| Application | Oracle | Jre | 1.6.0 | update39 | All | All |
| Application | Oracle | Jre | 1.6.0 | update41 | All | All |
| Application | Oracle | Jre | 1.6.0 | update43 | All | All |
| Application | Oracle | Jre | 1.6.0 | update45 | All | All |
| Application | Oracle | Jre | 1.7.0 | - | All | All |
| Application | Oracle | Jre | 1.7.0 | update1 | All | All |
| Application | Oracle | Jre | 1.7.0 | update10 | All | All |
| Application | Oracle | Jre | 1.7.0 | update11 | All | All |
| Application | Oracle | Jre | 1.7.0 | update13 | All | All |
| Application | Oracle | Jre | 1.7.0 | update15 | All | All |
| Application | Oracle | Jre | 1.7.0 | update17 | All | All |
| Application | Oracle | Jre | 1.7.0 | update2 | All | All |
| Application | Oracle | Jre | 1.7.0 | update21 | All | All |
| Application | Oracle | Jre | 1.7.0 | update3 | All | All |
| Application | Oracle | Jre | 1.7.0 | update4 | All | All |
| Application | Oracle | Jre | 1.7.0 | update5 | All | All |
| Application | Oracle | Jre | 1.7.0 | update6 | All | All |
| Application | Oracle | Jre | 1.7.0 | update7 | All | All |
| Application | Oracle | Jre | 1.7.0 | update9 | All | All |
| Application | Sun | Jre | 1.5.0 | update1 | All | All |
| Application | Sun | Jre | 1.5.0 | update10 | All | All |
| Application | Sun | Jre | 1.5.0 | update11 | All | All |
| Application | Sun | Jre | 1.5.0 | update12 | All | All |
| Application | Sun | Jre | 1.5.0 | update13 | All | All |
| Application | Sun | Jre | 1.5.0 | update14 | All | All |
| Application | Sun | Jre | 1.5.0 | update15 | All | All |
| Application | Sun | Jre | 1.5.0 | update16 | All | All |
| Application | Sun | Jre | 1.5.0 | update17 | All | All |
| Application | Sun | Jre | 1.5.0 | update18 | All | All |
| Application | Sun | Jre | 1.5.0 | update19 | All | All |
| Application | Sun | Jre | 1.5.0 | update2 | All | All |
| Application | Sun | Jre | 1.5.0 | update20 | All | All |
| Application | Sun | Jre | 1.5.0 | update21 | All | All |
| Application | Sun | Jre | 1.5.0 | update22 | All | All |
| Application | Sun | Jre | 1.5.0 | update23 | All | All |
| Application | Sun | Jre | 1.5.0 | update24 | All | All |
| Application | Sun | Jre | 1.5.0 | update25 | All | All |
| Application | Sun | Jre | 1.5.0 | update26 | All | All |
| Application | Sun | Jre | 1.5.0 | update27 | All | All |
| Application | Sun | Jre | 1.5.0 | update28 | All | All |
| Application | Sun | Jre | 1.5.0 | update29 | All | All |
| Application | Sun | Jre | 1.5.0 | update3 | All | All |
| Application | Sun | Jre | 1.5.0 | update31 | All | All |
| Application | Sun | Jre | 1.5.0 | update33 | All | All |
| Application | Sun | Jre | 1.5.0 | update4 | All | All |
| Application | Sun | Jre | 1.5.0 | update5 | All | All |
| Application | Sun | Jre | 1.5.0 | update6 | All | All |
| Application | Sun | Jre | 1.5.0 | update7 | All | All |
| Application | Sun | Jre | 1.5.0 | update8 | All | All |
| Application | Sun | Jre | 1.5.0 | update9 | All | All |
| Application | Sun | Jre | 1.6.0 | update_1 | All | All |
| Application | Sun | Jre | 1.6.0 | update_10 | All | All |
| Application | Sun | Jre | 1.6.0 | update_11 | All | All |
| Application | Sun | Jre | 1.6.0 | update_12 | All | All |
| Application | Sun | Jre | 1.6.0 | update_13 | All | All |
| Application | Sun | Jre | 1.6.0 | update_14 | All | All |
| Application | Sun | Jre | 1.6.0 | update_15 | All | All |
| Application | Sun | Jre | 1.6.0 | update_16 | All | All |
| Application | Sun | Jre | 1.6.0 | update_17 | All | All |
| Application | Sun | Jre | 1.6.0 | update_18 | All | All |
| Application | Sun | Jre | 1.6.0 | update_19 | All | All |
| Application | Sun | Jre | 1.6.0 | update_20 | All | All |
| Application | Sun | Jre | 1.6.0 | update_21 | All | All |
| Application | Sun | Jre | 1.6.0 | update_3 | All | All |
| Application | Sun | Jre | 1.6.0 | update_4 | All | All |
| Application | Sun | Jre | 1.6.0 | update_5 | All | All |
| Application | Sun | Jre | 1.6.0 | update_6 | All | All |
| Application | Sun | Jre | 1.6.0 | update_7 | All | All |
| Application | Sun | Jre | 1.6.0 | update_9 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Java | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Java | 11 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Java | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 10 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Software Development Kit | 11 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Software Development Kit | 11 | sp3 | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Broken Link |
| [security-announce] SUSE-SU-2013:1263-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp | af854a3a-2127-422b-91ae-364da2661108 | h20000.www2.hp.com | Broken Link |
| Oracle Java Critical Patch Update - June 2013 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Vendor Advisory |
| Oracle Java SE CVE-2013-2465 Memory Corruption Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link, Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Mageia Advisory: MGASA-2013-0185 - Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | advisories.mageia.org | Broken Link |
| [security-announce] SUSE-SU-2013:1255-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| IBM Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Broken Link |
| [security-announce] SUSE-SU-2013:1293-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| [security-announce] SUSE-SU-2013:1264-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| About Secunia Research \| Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Broken Link |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.vicarius.io | Exploit, Third Party Advisory |
| Oracle Releases Updates for Javadoc and Other Java SE Vulnerabilities \| US-CERT | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | Third Party Advisory, US Government Resource |
| [security-announce] SUSE-SU-2013:1305-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| '[security bulletin] HPSBUX02907 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Bug 975118 – CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597) | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Broken Link |
| '[security bulletin] HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| jdk7u/jdk7u-dev/jdk: changeset 6381:2a9c79db0040 | af854a3a-2127-422b-91ae-364da2661108 | hg.openjdk.java.net | Patch |
| www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.vicarius.io | Exploit, Third Party Advisory |
| [security-announce] SUSE-SU-2013:1256-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| Support / Security / Advisories / / MDVSA-2013:183 \| Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Not Applicable |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| [security-announce] SUSE-SU-2013:1257-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2022-03-28T00:00:00.000Z | CVE-2013-2465 added to CISA KEV |
There are currently no legacy QID mappings associated with this CVE.