CVE-2009-1096 — Improper Restriction of Operations within the Bounds of a Memory Buffer in JDK

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

10.0CRITICALNVD

EPSS

12.6%

top 6.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE

Timeline

PublishedMar 25

Latest updateMay 2

Description

Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/jdk1.5.0+3

▶NVDsun/jre1.5.0+3

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-67c2-9w2r-cg77: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5↗2022-05-02

▶

CVEList

CVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5↗2009-03-25

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-03-26

▶

Red Hat

OpenJDK Pack200 Buffer overflow vulnerability (6792554)↗2009-03-25

▶

💬Community

Bugzilla

CVE-2009-1838 Firefox arbitrary code execution flaw↗2009-06-01

▶

Bugzilla

CVE-2009-1095 CVE-2009-1096 OpenJDK Pack200 Buffer overflow vulnerability (6792554)↗2009-03-13

▶