CVE-2006-6731Improper Restriction of Operations within the Bounds of a Memory Buffer in JDK

9 documents5 sources
Severity
9.3CRITICALNVD
EPSS
7.8%
top 7.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SUN JDKSUN JRESUN SDK
Timeline
PublishedDec 26
Latest updateMay 1

Description

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_a

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDsun/jdk1.5.0
NVDsun/jre32 versions+31
NVDsun/sdk33 versions+32

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-mqqx-775h-25rp: Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 52022-05-01
CVEList
CVE-2006-6731: Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 52006-12-26

📋Vendor Advisories

1
Red Hat
security flaw2007-01-04

💬Community

5
Bugzilla
CVE-2006-6731 security flaw2018-08-16
Bugzilla
CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)2007-02-09
Bugzilla
CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6731 CVE-2006-4339)2007-02-02
Bugzilla
CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)2007-02-02
Bugzilla
CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)2007-02-02
CVE-2006-6731 — SUN JDK vulnerability | cvebase