Lucene search

MitreCVE-2008-5352

HistoryDec 05, 2008 - 11:30 a.m.

CVE-2008-5352

2008-12-0511:30:00

CWE-189

mitre

web.nvd.nist.gov

cve-2008-5352

integer overflow

java runtime environment

jre

untrusted applications

applets

pack200

buffer overflow

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.948

Percentile

99.3%

JSON

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

Affected configurations

Nvd

Node

sunjdkRange≤5.0update_16

sunjdkRange≤6update_10

sunjdkMatch5.0update_1

sunjdkMatch5.0update_10

sunjdkMatch5.0update_11

sunjdkMatch5.0update_12

sunjdkMatch5.0update_13

sunjdkMatch5.0update_14

sunjdkMatch5.0update_15

sunjdkMatch5.0update_2

sunjdkMatch5.0update_3

sunjdkMatch6

sunjdkMatch6update_1

sunjdkMatch6update_2

sunjdkMatch6update_3

sunjdkMatch6update_4

sunjdkMatch6update_5

sunjdkMatch6update_6

sunjdkMatch6update_7

sunjdkMatch6update_8

sunjreRange≤5.0update_16

sunjreRange≤6update_10

sunjreMatch5.0

sunjreMatch5.0update_1

sunjreMatch5.0update_10

sunjreMatch5.0update_11

sunjreMatch5.0update_12

sunjreMatch5.0update_13

sunjreMatch5.0update_14

sunjreMatch5.0update_15

sunjreMatch5.0update_2

sunjreMatch6

sunjreMatch6update_1

sunjreMatch6update_2

sunjreMatch6update_3

sunjreMatch6update_4

sunjreMatch6update_5

sunjreMatch6update_6

sunjreMatch6update_7

sunjreMatch6update_8

VendorProductVersionCPE
sunjdk*cpe:2.3:a:sun:jdk:*:update_16:*:*:*:*:*:*
sunjdk*cpe:2.3:a:sun:jdk:*:update_10:*:*:*:*:*:*
sunjdk5.0cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
sunjdk5.0cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
sunjdk5.0cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
sunjdk5.0cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
sunjdk5.0cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
sunjdk5.0cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
sunjdk5.0cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
sunjdk5.0cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	jdk	*	cpe:2.3:a:sun:jdk::update_16::::::*
sun	jdk	*	cpe:2.3:a:sun:jdk::update_10::::::*
sun	jdk	5.0	cpe:2.3:a:sun:jdk:5.0:update_1::::::
sun	jdk	5.0	cpe:2.3:a:sun:jdk:5.0:update_10::::::
sun	jdk	5.0	cpe:2.3:a:sun:jdk:5.0:update_11::::::
sun	jdk	5.0	cpe:2.3:a:sun:jdk:5.0:update_12::::::
sun	jdk	5.0	cpe:2.3:a:sun:jdk:5.0:update_13::::::
sun	jdk	5.0	cpe:2.3:a:sun:jdk:5.0:update_14::::::
sun	jdk	5.0	cpe:2.3:a:sun:jdk:5.0:update_15::::::
sun	jdk	5.0	cpe:2.3:a:sun:jdk:5.0:update_2::::::