CVE-2008-5359

Published: Dec 5, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.

Affected (128)

Products: Sun: Jre, Jdk, Sdk

3 products

Configuration A

60 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Version 1.3.1
Sun Jre	Version 1.3.1_03
Sun Jre	Version 1.3.1_04
Sun Jre	Version 1.3.1_05
Sun Jre	Version 1.3.1_06
Sun Jre	Version 1.3.1_07
Sun Jre	Version 1.3.1_08
Sun Jre	Version 1.3.1_09
Sun Jre	Version 1.3.1_10
Sun Jre	Version 1.3.1_11
Sun Jre	Version 1.3.1_12
Sun Jre	Version 1.3.1_13
Sun Jre	Version 1.3.1_14
Sun Jre	Version 1.3.1_15
Sun Jre	Version 1.3.1_16
Sun Jre	Version 1.3.1_17
Sun Jre	Version 1.3.1_18
Sun Jre	Version 1.3.1_19
Sun Jre	Version 1.3.1_20
Sun Jre	Version 1.3.1_21
Sun Jre	Version 1.3.1_22
Sun Jre	Version 1.3.1_23
Sun Jre	Version 1.3.1_2
Sun Jre	Version 1.4.2
Sun Jre	Version 1.4.2_10
Sun Jre	Version 1.4.2_11
Sun Jre	Version 1.4.2_12
Sun Jre	Version 1.4.2_13
Sun Jre	Version 1.4.2_14
Sun Jre	Version 1.4.2_15
Sun Jre	Version 1.4.2_16
Sun Jre	Version 1.4.2_17
Sun Jre	Version 1.4.2_18
Sun Jre	Version 1.4.2_1
Sun Jre	Version 1.4.2_2
Sun Jre	Version 1.4.2_3
Sun Jre	Version 1.4.2_4
Sun Jre	Version 1.4.2_5
Sun Jre	Version 1.4.2_6
Sun Jre	Version 1.4.2_7
Sun Jre	Version 1.4.2_8
Sun Jre	Version 1.4.2_9
Sun Jre	Version 1.5.0
Sun Jre	Version 1.5.0 update10
Sun Jre	Version 1.5.0 update11
Sun Jre	Version 1.5.0 update12
Sun Jre	Version 1.5.0 update13
Sun Jre	Version 1.5.0 update14
Sun Jre	Version 1.5.0 update15
Sun Jre	Version 1.5.0 update16
Sun Jre	Version 1.5.0 update1
Sun Jre	Version 1.5.0 update2
Sun Jre	Version 1.6.0
Sun Jre	Version 1.6.0 update_10
Sun Jre	Version 1.6.0 update_1
Sun Jre	Version 1.6.0 update_2
Sun Jre	Version 1.6.0 update_3
Sun Jre	Version 1.6.0 update_4
Sun Jre	Version 1.6.0 update_5
Sun Jre	Version 1.6.0 update_6

Configuration B

19 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Version 1.5.0
Sun Jdk	Version 1.5.0 update10
Sun Jdk	Version 1.5.0 update1
Sun Jdk	Version 1.5.0 update2
Sun Jdk	Version 1.5.0 update3
Sun Jdk	Version 1.5.0 update4
Sun Jdk	Version 1.5.0 update5
Sun Jdk	Version 1.5.0 update6
Sun Jdk	Version 1.5.0 update7
Sun Jdk	Version 1.5.0 update7_b03
Sun Jdk	Version 1.5.0 update8
Sun Jdk	Version 1.5.0 update9
Sun Jdk	Version 1.6.0
Sun Jdk	Version 1.6.0 update_10
Sun Jdk	Version 1.6.0 update_3
Sun Jdk	Version 1.6.0 update_4
Sun Jdk	Version 1.6.0 update_5
Sun Jdk	Version 1.6.0 update_6
Sun Jdk	Version 1.6.0 update_7

Configuration C

49 vulnerable

Vulnerable Software	Affected Versions
Sun Sdk	Version 1.3.1
Sun Sdk	Version 1.3.1_01
Sun Sdk	Version 1.3.1_01a
Sun Sdk	Version 1.3.1_02
Sun Sdk	Version 1.3.1_03
Sun Sdk	Version 1.3.1_04
Sun Sdk	Version 1.3.1_05
Sun Sdk	Version 1.3.1_06
Sun Sdk	Version 1.3.1_07
Sun Sdk	Version 1.3.1_08
Sun Sdk	Version 1.3.1_09
Sun Sdk	Version 1.3.1_10
Sun Sdk	Version 1.3.1_11
Sun Sdk	Version 1.3.1_12
Sun Sdk	Version 1.3.1_13
Sun Sdk	Version 1.3.1_14
Sun Sdk	Version 1.3.1_15
Sun Sdk	Version 1.3.1_16
Sun Sdk	Version 1.3.1_17
Sun Sdk	Version 1.3.1_18
Sun Sdk	Version 1.3.1_19
Sun Sdk	Version 1.3.1_20
Sun Sdk	Version 1.3.1_21
Sun Sdk	Version 1.3.1_22
Sun Sdk	Version 1.3.1_23
Sun Sdk	Version 1.4.2
Sun Sdk	Version 1.4.2_02
Sun Sdk	Version 1.4.2_03
Sun Sdk	Version 1.4.2_04
Sun Sdk	Version 1.4.2_08
Sun Sdk	Version 1.4.2_09
Sun Sdk	Version 1.4.2_10
Sun Sdk	Version 1.4.2_11
Sun Sdk	Version 1.4.2_12
Sun Sdk	Version 1.4.2_13
Sun Sdk	Version 1.4.2_14
Sun Sdk	Version 1.4.2_15
Sun Sdk	Version 1.4.2_16
Sun Sdk	Version 1.4.2_17
Sun Sdk	Version 1.4.2_18
Sun Sdk	Version 1.4.2_1
Sun Sdk	Version 1.4.2_2
Sun Sdk	Version 1.4.2_3
Sun Sdk	Version 1.4.2_4
Sun Sdk	Version 1.4.2_5
Sun Sdk	Version 1.4.2_6
Sun Sdk	Version 1.4.2_7
Sun Sdk	Version 1.4.2_8
Sun Sdk	Version 1.4.2_9

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (78)

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=123678756409861&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=126583436323697&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2008-1018.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2008-1025.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/32991

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/33015

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/33187

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/33528

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/33709

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/33710

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/34233

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/34259

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/34605

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/34889

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/34972

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/35065

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/37386

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/38539

Source: cve@mitre.org

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200911-02.xml

Source: cve@mitre.org

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1

Source: cve@mitre.org

PatchVendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm

Source: cve@mitre.org

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

Source: cve@mitre.org

Third Party Advisory

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-0015.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-0016.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-0445.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/32608

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/3339

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2009/0672

Source: cve@mitre.org

Third Party Advisory

http://www.zerodayinitiative.com/advisories/ZDI-08-080/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/47048

Source: cve@mitre.org

Mailing ListThird Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5841

Source: cve@mitre.org

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2009-0466.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html