CVE-2008-1188 — Improper Restriction of Operations within the Bounds of a Memory Buffer in JDK
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources
Severity
9.3CRITICALNVD
NVD6.8
EPSS
31.5%
top 3.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedMar 6
Latest updateMay 1
Description
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-hppm-r8m5-wmwp: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5↗2022-05-01
GHSA▶
GHSA-x67m-cmr9-2j82: Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5↗2022-05-01
CVEList▶
CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5↗2008-03-06
CVEList▶
CVE-2008-1188: Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5↗2008-03-06
💥Exploits & PoCs
1📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2008-1188 Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)↗2008-03-06