CVE-2008-1189 — Improper Restriction of Operations within the Bounds of a Memory Buffer in JDK

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources

Severity

6.8MEDIUMNVD

CNA9.3

EPSS

31.7%

top 3.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedMar 6

Latest updateMay 1

Description

Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDsun/jdk1.5.0, 1.6.0+1

▶NVDsun/jre19 versions+18

▶NVDsun/sdk17 versions+16

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-hppm-r8m5-wmwp: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5↗2022-05-01

▶

CVEList

CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5↗2008-03-06

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC)↗2008-02-27

▶

📋Vendor Advisories

Red Hat

dbus: invalid fix for CVE-2008-3834↗2009-04-16

▶

Red Hat

Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)↗2008-03-06

▶

Red Hat

Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)↗2008-03-06

▶

Red Hat

Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)↗2008-03-06

▶

💬Community

Bugzilla

CVE-2009-1189 dbus: invalid fix for CVE-2008-3834↗2009-04-20

▶

Bugzilla

CVE-2008-1188 Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)↗2008-03-06

▶