CVE-2008-5349 — JDK vulnerability

6 documents6 sources

Severity

7.1HIGHNVD

EPSS

7.8%

top 8.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE

Timeline

PublishedDec 5

Latest updateMay 14

Description

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶NVDsun/jdk5.0+3

▶NVDsun/jre5.0+3

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-xh8j-pqxf-hqm9: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5↗2022-05-14

▶

CVEList

CVE-2008-5349: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5↗2008-12-05

▶

📋Vendor Advisories

Ubuntu

openjdk-6 vulnerabilities↗2009-01-27

▶

Red Hat

OpenJDK RSA public key length denial-of-service (6497740)↗2008-12-03

▶

💬Community

Bugzilla

CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)↗2008-11-19

▶