CVE Vulnerabilities

CVE-2008-5352

Published: Dec 05, 2008 | Modified: Sep 29, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 9.3 HIGH
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

Affected Software

Name | Vendor | Start Version | End Version
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | * | 5.0
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | 5.0 | 5.0
Jdk | Sun | 6 | 6
Jdk | Sun | 6 | 6
Jdk | Sun | * | 6
Jdk | Sun | 6 | 6
Jdk | Sun | 6 | 6
Jdk | Sun | 6 | 6
Jdk | Sun | 6 | 6
Jdk | Sun | 6 | 6
Jdk | Sun | 6 | 6
Jdk | Sun | 6 | 6
Jre | Sun | 5.0 | 5.0
Jre | Sun | 5.0 | 5.0
Jre | Sun | 5.0 | 5.0
Jre | Sun | 5.0 | 5.0
Jre | Sun | 5.0 | 5.0
Jre | Sun | 5.0 | 5.0
Jre | Sun | 5.0 | 5.0
Jre | Sun | 5.0 | 5.0
Jre | Sun | * | 5.0
Jre | Sun | 5.0 | 5.0
Jre | Sun | 6 | 6
Jre | Sun | 6 | 6
Jre | Sun | * | 6
Jre | Sun | 6 | 6
Jre | Sun | 6 | 6
Jre | Sun | 6 | 6
Jre | Sun | 6 | 6
Jre | Sun | 6 | 6
Jre | Sun | 6 | 6
Jre | Sun | 6 | 6
Extras for RHEL 4 | RedHat | java-1.6.0-sun-1:1.6.0.11-1jpp.1.el4 | *
Extras for RHEL 4 | RedHat | java-1.5.0-sun-0:1.5.0.17-1jpp.2.el4 | *
Extras for RHEL 4 | RedHat | java-1.6.0-ibm-1:1.6.0.3-1jpp.3.el4 | *
Extras for RHEL 4 | RedHat | java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4 | *
Red Hat Network Satellite Server v 5.2 | RedHat | java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5 | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.6.0-sun-1:1.6.0.11-1jpp.1.el5 | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.5.0-sun-0:1.5.0.17-1jpp.2.el5 | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.6.0-ibm-1:1.6.0.3-1jpp.1.el5 | *
Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5 | *
Openjdk-6 | Ubuntu | hardy | *
Openjdk-6 | Ubuntu | intrepid | *
Sun-java5 | Ubuntu | dapper | *
Sun-java5 | Ubuntu | hardy | *
Sun-java5 | Ubuntu | intrepid | *
Sun-java5 | Ubuntu | jaunty | *
Sun-java6 | Ubuntu | devel | *
Sun-java6 | Ubuntu | hardy | *
Sun-java6 | Ubuntu | intrepid | *
Sun-java6 | Ubuntu | jaunty | *
Sun-java6 | Ubuntu | karmic | *
