CVE-2008-5346 — Sensitive Information Exposure in JDK

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

7.1HIGHNVD

EPSS

4.0%

top 11.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedDec 5

Latest updateMay 14

Description

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

▶NVDsun/jdk1.5.0

▶NVDsun/jre43 versions+42

▶NVDsun/sdk49 versions+48

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-3p93-j4fw-gpx2: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5↗2022-05-14

▶

CVEList

CVE-2008-5346: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5↗2008-12-05

▶

📋Vendor Advisories

Red Hat

JRE allows unauthorized memory read access via a crafted ZIP file↗2008-12-04

▶

💬Community

Bugzilla

CVE-2008-5346 JRE allows unauthorized memory read access via a crafted ZIP file↗2008-12-05

▶