Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0838Improper Restriction of Operations within the Bounds of a Memory Buffer in JDK

8 documents7 sources
Severity
7.5HIGHNVD
EPSS
21.8%
top 4.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SUN JDKSUN JRE
Timeline
PublishedApr 1
Latest updateMay 2

Description

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDsun/jdk1.6.0+3
NVDsun/jre1.6.0+3

🔴Vulnerability Details

2
GHSA
GHSA-3679-c5fh-7q7w: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 52022-05-02
CVEList
CVE-2010-0838: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 52010-04-01

💥Exploits & PoCs

1
Exploit-DB
Java 6.19 CMM readMabCurveData - Remote Stack Overflow2010-09-20

📋Vendor Advisories

2
Ubuntu
OpenJDK vulnerabilities2010-04-07
Red Hat
OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)2010-03-30

💬Community

2
Bugzilla
CVE-2010-3869 Certificate System: SCEP one-time PIN reuse2010-11-02
Bugzilla
CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)2010-03-22
CVE-2010-0838 — SUN JDK vulnerability | cvebase