UTF-8 Encoding Vulnerability in Java Runtime Environment by Sun
CVE-2008-5351

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 December 2008

Summary

The Java Runtime Environment (JRE) in versions like JDK and JRE 6 Update 10 and earlier, along with JDK and JRE 5.0 Update 16 and earlier, contains a vulnerability related to the handling of UTF-8 encodings. This issue allows attackers to utilize non-standard UTF-8 encodings that are not in their 'shortest' form, effectively bypassing security mechanisms in other applications that depend on the shortest form for encoding validation. This vulnerability can lead to various security risks, as it compromises the integrity and reliability of data handling within the applications relying on the affected JRE versions.

References

http://osvdb.org/50502

vdb-entryx_refsource_OSVDB

http://marc.info/?l=bugtraq&m=126583436323697&w=2

vendor-advisoryx_refsource_HP

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Dec 5, 2008
Vulnerability Reserved
Dec 4, 2008