Stack-based Buffer Overflow in Java Runtime Environment for Sun JDK and JRE
CVE-2008-5354

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 December 2008

Summary

A stack-based buffer overflow exists in the Java Runtime Environment (JRE) for Sun's Java Development Kit (JDK) and JRE versions up to 6 Update 10, as well as for earlier versions of JDK and JRE 5.0 and SDK and JRE 1.4.2. This vulnerability can potentially allow untrusted Java applications, whether launched locally or remotely, to execute arbitrary code. The exploit occurs when a JAR file contains a Main-Class manifest entry that is excessively long, leading to a buffer overflow situation.

References

http://marc.info/?l=bugtraq&m=126583436323697&w=2

vendor-advisoryx_refsource_HP

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

http://secunia.com/advisories/34259

third-party-advisoryx_refsource_SECUNIA

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 5, 2008
Vulnerability Reserved
Dec 4, 2008