CVE-2008-5352
Priority
Medium
Description
Integer overflow in the JAR unpacking utility (unpack200) in the unpack
library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE
6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows
untrusted applications and applets to gain privileges via a Pack200
compressed JAR file that triggers a heap-based buffer overflow.
library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE
6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows
untrusted applications and applets to gain privileges via a Pack200
compressed JAR file that triggers a heap-based buffer overflow.
References
Notes
kees> http://sunsolve.sun.com/search/document.do?assetkey=1-26-244992-1
kees> 6755943
kees> 6755943
Assigned-to
kees
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | released (6b11-2ubuntu2.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (6b14-0ubuntu4) |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | released (1.5.0-22-0ubuntu0.8.04) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | released (6-17-0ubuntu1.8.04) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (6.19-0ubuntu1) |