Stack-based Buffer Overflow in Java Runtime Environment for Sun JDK and JRE
CVE-2008-5354

Currently unrated

Key Information:

Vendor: Oracle
Status
Vendor
CVE Published: 5 December 2008

Summary

A stack-based buffer overflow exists in the Java Runtime Environment (JRE) for Sun's Java Development Kit (JDK) and JRE in versions up to 6 Update 10, in earlier versions of JDK and JRE 5.0, and in SDK and JRE 1.4.2. The vulnerability may allow untrusted Java applications, whether launched locally or remotely, to execute arbitrary code. The overflow is triggered when a JAR file contains an excessively long Main-Class entry in its manifest.
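A triage check for the condition described above, as an added example that is not part of the advisory or of any vendor tooling: it reads a JAR's manifest, joins wrapped continuation lines, and flags an oversized Main-Class value. The 256-character threshold, the function names and the sample JARs are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: triage threshold chosen for this example, not a value from the
# advisory. Tune it to the longest class name you expect in your own JARs.
MAX_MAIN_CLASS_LEN = 256

def manifest_main_attributes(manifest_bytes):
    """Parse the main section of a MANIFEST.MF, joining continuation lines."""
    attrs, name = {}, None
    text = manifest_bytes.decode("utf-8", errors="replace")
    for line in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        if line == "":
            break  # a blank line ends the main section
        if line.startswith(" ") and name is not None:
            attrs[name] += line[1:]  # continuation of the previous value
        elif ":" in line:
            name, _, value = line.partition(":")
            name = name.strip().lower()  # attribute names are case-insensitive
            attrs[name] = value.lstrip(" ")
    return attrs

def check_jar(jar_file, limit=MAX_MAIN_CLASS_LEN):
    """Return (main_class_length, suspicious) for a JAR path or file object."""
    with zipfile.ZipFile(jar_file) as jar:
        try:
            raw = jar.read("META-INF/MANIFEST.MF")
        except KeyError:
            return 0, False  # no manifest, so no Main-Class entry
    main_class = manifest_main_attributes(raw).get("main-class", "")
    return len(main_class), len(main_class) > limit

def build_sample_jar(main_class):
    """Constructed sample input: an in-memory JAR whose manifest carries the
    given Main-Class, wrapped into continuation lines like a real manifest."""
    header = "Main-Class: " + main_class
    lines = [header[:72]] + [" " + header[i:i + 71] for i in range(72, len(header), 71)]
    manifest = "Manifest-Version: 1.0\r\n" + "\r\n".join(lines) + "\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for cls in ("com.example.App", "x" * 300):
        print(check_jar(build_sample_jar(cls)))
```

A flagged JAR is a reason to inspect the file before it reaches a JRE; the check does not determine whether the installed runtime is a fixed version.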

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
