CVE-2008-5352
published 2008-12-05CVE-2008-5352: Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | jdk | <= 5.0 | — |
| sun | jdk | <= 6 | — |
| sun | jdk | — | — |
| sun | jdk | — | — |
| sun | jre | <= 5.0 | — |
| sun | jre | <= 6 | — |
| sun | jre | — | — |
| sun | jre | — | — |