CVE-2008-5352
Last modified
CVE-2008-5352 is a vulnerability of currently unknown severity. Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.. EPSS estimates a 3.06% chance of exploitation in the next 30 days.
Description
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sun | Jdk | <= 5.0 | Update 16 |
| Sun | Jdk | <= 6 | Update 10 |
| Sun | Jdk | 5.0 | Update 1 |
| Sun | Jdk | 6 | — |
| Sun | Jre | <= 5.0 | Update 16 |
| Sun | Jre | <= 6 | Update 10 |
| Sun | Jre | 5.0 | — |
| Sun | Jre | 6 | — |
References
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-244992-1Patch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-340A.htmlUS Government Resource
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-244992-1Patch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-340A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-5352?
How severe is CVE-2008-5352?
How do I fix CVE-2008-5352?
Are you affected by CVE-2008-5352?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST