CVE-2008-3108 — Improper Restriction of Operations within the Bounds of a Memory Buffer in JDK

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

10.0CRITICALNVD

EPSS

8.6%

top 7.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedJul 9

Latest updateMay 1

Description

Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsun/jdk1.5.0

▶NVDsun/jre43 versions+42

▶NVDsun/sdk49 versions+48

🔴Vulnerability Details

GHSA

GHSA-8wxg-8gj7-8j93: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5↗2022-05-01

▶

CVEList

CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5↗2008-07-09

▶

📋Vendor Advisories

Red Hat

Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)↗2008-07-08

▶

💬Community

Bugzilla

CVE-2008-5101 OptiPNG: Buffer overflow in BMP image handling reader↗2008-11-12

▶

Bugzilla

CVE-2008-3108 Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)↗2008-07-09

▶