Severe Denial of Service Vulnerability in Sun Java SE by Oracle
CVE-2009-3876

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 November 2009

Summary

A vulnerability exists in Sun Java SE that allows remote attackers to exploit memory consumption through crafted DER encoded data. This occurs when the ASN.1 DER input stream parser fails to decode the data correctly, leading to potential service interruptions.

References

http://marc.info/?l=bugtraq&m=126566824131534&w=2

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/36881

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=134254866602253&w=2

vendor-advisoryx_refsource_HP

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 5, 2009
Vulnerability Reserved
Nov 5, 2009