CVE-2008-5352

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

Published: Dec 5, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5352
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
sun / jdk	5.0-update_12	5.0-update_12.x
sun / jre	6	6.x
sun / jdk	5.0-update_15	5.0-update_15.x
sun / jdk	-	5.0.x
sun / jdk	5.0-update_3	5.0-update_3.x
sun / jre	5.0-update_13	5.0-update_13.x
sun / jre	5.0-update_1	5.0-update_1.x
sun / jdk	5.0-update_11	5.0-update_11.x
sun / jdk	6-update_6	6-update_6.x
sun / jdk	6-update_7	6-update_7.x
sun / jre	5.0-update_14	5.0-update_14.x
sun / jre	6-update_3	6-update_3.x
sun / jre	6-update_4	6-update_4.x
sun / jre	5.0-update_12	5.0-update_12.x
sun / jdk	5.0-update_1	5.0-update_1.x
sun / jdk	6-update_1	6-update_1.x
sun / jdk	6	6.x
sun / jdk	6-update_3	6-update_3.x
sun / jre	6-update_2	6-update_2.x
sun / jdk	6-update_4	6-update_4.x
sun / jre	-	6.x
sun / jdk	-	6.x
sun / jre	5.0-update_15	5.0-update_15.x
sun / jre	6-update_5	6-update_5.x
sun / jdk	5.0-update_14	5.0-update_14.x
sun / jdk	6-update_8	6-update_8.x
sun / jre	5.0-update_2	5.0-update_2.x
sun / jre	-	5.0.x
sun / jdk	6-update_2	6-update_2.x
sun / jre	6-update_7	6-update_7.x
sun / jre	6-update_8	6-update_8.x
sun / jdk	5.0-update_13	5.0-update_13.x
sun / jre	5.0-update_11	5.0-update_11.x
sun / jre	6-update_1	6-update_1.x
sun / jdk	6-update_5	6-update_5.x
sun / jdk	5.0-update_10	5.0-update_10.x
sun / jdk	5.0-update_2	5.0-update_2.x
sun / jre	5.0	5.0.x
sun / jre	6-update_6	6-update_6.x
sun / jre	5.0-update_10	5.0-update_10.x

Vulnerability Database

289,697

CVE-2008-5352