CVE-2008-5346
UnknownEPSS 2.81%
Last modified
CVE-2008-5346 is a vulnerability of currently unknown severity. Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.. EPSS estimates a 2.81% chance of exploitation in the next 30 days.
Description
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jre | 1.3.1 |
| Sun | Jre | 1.3.1_2 |
| Sun | Jre | 1.3.1_03 |
| Sun | Jre | 1.3.1_04 |
| Sun | Jre | 1.3.1_05 |
| Sun | Jre | 1.3.1_06 |
| Sun | Jre | 1.3.1_07 |
| Sun | Jre | 1.3.1_08 |
| Sun | Jre | 1.3.1_09 |
| Sun | Jre | 1.3.1_10 |
| Sun | Jre | 1.3.1_11 |
| Sun | Jre | 1.3.1_12 |
| Sun | Jre | 1.3.1_13 |
| Sun | Jre | 1.3.1_14 |
| Sun | Jre | 1.3.1_15 |
| Sun | Jre | 1.3.1_16 |
| Sun | Jre | 1.3.1_17 |
| Sun | Jre | 1.3.1_18 |
| Sun | Jre | 1.3.1_19 |
| Sun | Jre | 1.3.1_20 |
| Sun | Jre | 1.3.1_21 |
| Sun | Jre | 1.3.1_22 |
| Sun | Jre | 1.3.1_23 |
| Sun | Jre | 1.4.2 |
| Sun | Jre | 1.4.2_1 |
| Sun | Jre | 1.4.2_2 |
| Sun | Jre | 1.4.2_3 |
| Sun | Jre | 1.4.2_4 |
| Sun | Jre | 1.4.2_5 |
| Sun | Jre | 1.4.2_6 |
| Sun | Jre | 1.4.2_7 |
| Sun | Jre | 1.4.2_8 |
| Sun | Jre | 1.4.2_9 |
| Sun | Jre | 1.4.2_10 |
| Sun | Jre | 1.4.2_11 |
| Sun | Jre | 1.4.2_12 |
| Sun | Jre | 1.4.2_13 |
| Sun | Jre | 1.4.2_14 |
| Sun | Jre | 1.4.2_15 |
| Sun | Jre | 1.4.2_16 |
| Sun | Jre | 1.4.2_17 |
| Sun | Jre | 1.4.2_18 |
| Sun | Jre | 1.5.0 |
| Sun | Jdk | 1.5.0 |
| Sun | Sdk | 1.3.1 |
| Sun | Sdk | 1.3.1_01 |
| Sun | Sdk | 1.3.1_01a |
| Sun | Sdk | 1.3.1_02 |
| Sun | Sdk | 1.3.1_03 |
| Sun | Sdk | 1.3.1_04 |
Showing 50 of 93 affected configurations. See NVD for the full list.
References
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlMailing List, Third Party Advisory
- http://osvdb.org/50507Broken Link
- http://rhn.redhat.com/errata/RHSA-2008-1025.htmlThird Party Advisory
- http://secunia.com/advisories/32991Third Party Advisory
- http://secunia.com/advisories/33015Third Party Advisory
- http://secunia.com/advisories/33710Third Party Advisory
- http://secunia.com/advisories/34605Third Party Advisory
- http://secunia.com/advisories/34889Third Party Advisory
- http://secunia.com/advisories/34972Third Party Advisory
- http://secunia.com/advisories/35065Third Party Advisory
- http://secunia.com/advisories/37386Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200911-02.xmlThird Party Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-246386-1Patch, Vendor Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2009-012.htmThird Party Advisory
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0016.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0445.htmlThird Party Advisory
- http://www.securitytracker.com/id?1021306Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-340A.htmlThird Party Advisory, US Government Resource
- http://www.vupen.com/english/advisories/2008/3339Third Party Advisory
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdfThird Party Advisory
- https://rhn.redhat.com/errata/RHSA-2009-0466.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlMailing List, Third Party Advisory
- http://osvdb.org/50507Broken Link
- http://rhn.redhat.com/errata/RHSA-2008-1025.htmlThird Party Advisory
- http://secunia.com/advisories/32991Third Party Advisory
- http://secunia.com/advisories/33015Third Party Advisory
- http://secunia.com/advisories/33710Third Party Advisory
- http://secunia.com/advisories/34605Third Party Advisory
- http://secunia.com/advisories/34889Third Party Advisory
- http://secunia.com/advisories/34972Third Party Advisory
- http://secunia.com/advisories/35065Third Party Advisory
- http://secunia.com/advisories/37386Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200911-02.xmlThird Party Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-246386-1Patch, Vendor Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2009-012.htmThird Party Advisory
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0016.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0445.htmlThird Party Advisory
- http://www.securitytracker.com/id?1021306Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-340A.htmlThird Party Advisory, US Government Resource
- http://www.vupen.com/english/advisories/2008/3339Third Party Advisory
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdfThird Party Advisory
- https://rhn.redhat.com/errata/RHSA-2009-0466.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-5346?
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.
How severe is CVE-2008-5346?
Severity scoring for CVE-2008-5346 is pending analysis. The EPSS model estimates a 2.81% probability of exploitation in the next 30 days.
How do I fix CVE-2008-5346?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2008-5346?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST