CVE-2009-2675
published 2009-08-05
critical 10 (CVSS 3.1)
AV:N/AC:L/Au:N/C:C/I:C/A:C
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | bea_product_suite | — | — |
| sun | jdk | <= 6 | — |
| sun | jdk | — | — |
| sun | jdk | — | — |
| sun | jre | <= 6 | — |
| sun | jre | — | — |
| sun | jre | — | — |
| vmware | esxi | — | — |
| vmware | vmware_tools | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |