Stack-based Buffer Overflow in Java Runtime Environment for Sun JDK and JRE
CVE-2008-5354

Currently unrated

Key Information:

Vendor

Oracle
Status
Jdk
Jre
Sdk
Vendor
CVE Published:
5 December 2008

What is CVE-2008-5354?

A stack-based buffer overflow exists in the Java Runtime Environment (JRE) for Sun's Java Development Kit (JDK) and JRE versions up to 6 Update 10, as well as for earlier versions of JDK and JRE 5.0 and SDK and JRE 1.4.2. This vulnerability can potentially allow untrusted Java applications, whether launched locally or remotely, to execute arbitrary code. The exploit occurs when a JAR file contains a Main-Class manifest entry that is excessively long, leading to a buffer overflow situation.

References

http://marc.info/?l=bugtraq&m=126583436323697&w=2
vendor-advisoryx_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2009...
vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/34259
third-party-advisoryx_refsource_SECUNIA

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.