Lucene search

K

[email protected]CVE-2008-5357

HistoryDec 05, 2008 - 11:30 a.m.

CVE-2008-5357

2008-12-0511:30:00

CWE-189

[email protected]

web.nvd.nist.gov

49

cve

2008

5357

integer overflow

java runtime environment

jre

sun jdk

jdk

jre

truetype font file

buffer overflow.

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.183 Low

EPSS

Percentile

96.1%

Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.

CPENameOperatorVersion
sun:jresun jreeq1.6.0
sun:jresun jreeq1.4.2_7
sun:jresun jreeq1.4.2_16
sun:jresun jreeq1.3.1
sun:jresun jreeq1.3.1_10
sun:jresun jreeq1.3.1_06
sun:jresun jreeq1.4.2_4
sun:jresun jreeq1.4.2_2
sun:jresun jreeq1.3.1_20
sun:jresun jreeq1.3.1_22

Rows per page:

1-10 of 951

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=760

lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

marc.info/?l=bugtraq&m=123678756409861&w=2

marc.info/?l=bugtraq&m=126583436323697&w=2

osvdb.org/50517

rhn.redhat.com/errata/RHSA-2008-1018.html

rhn.redhat.com/errata/RHSA-2008-1025.html

secunia.com/advisories/32991

secunia.com/advisories/33015

secunia.com/advisories/33187

secunia.com/advisories/33710

secunia.com/advisories/34233

secunia.com/advisories/34259

secunia.com/advisories/34447

secunia.com/advisories/34605

secunia.com/advisories/34972

secunia.com/advisories/35065

secunia.com/advisories/37386

secunia.com/advisories/38539

security.gentoo.org/glsa/glsa-200911-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1

support.avaya.com/elmodocs2/security/ASA-2008-485.htm

support.avaya.com/elmodocs2/security/ASA-2009-012.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

www.redhat.com/support/errata/RHSA-2009-0016.html

www.redhat.com/support/errata/RHSA-2009-0369.html

www.securityfocus.com/bid/32608

www.us-cert.gov/cas/techalerts/TA08-340A.html

www.vupen.com/english/advisories/2008/3339

www.vupen.com/english/advisories/2009/0672

www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/47050

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6505

rhn.redhat.com/errata/RHSA-2009-0466.html

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.183 Low

EPSS

Percentile

96.1%

Related for CVE-2008-5357

prion1 ubuntucve1 openvas36 nessus31 redhat5 fedora2 suse3 seebug1 vmware2 oracle1 gentoo1