Описание
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6b16-1.6.1-0ubuntu1 |
| hardy | released | 6b18-1.8.2-4ubuntu1~8.04.1 |
| intrepid | released | 6b12-0ubuntu6.5 |
| jaunty | released | 6b14-1.4.1-0ubuntu11 |
| karmic | not-affected | 6b16-1.6.1-0ubuntu1 |
| lucid | not-affected | 6b16-1.6.1-0ubuntu1 |
| maverick | not-affected | 6b16-1.6.1-0ubuntu1 |
| upstream | released | 6b16 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| gutsy | ignored | end of life, was needs-triage |
| hardy | not-affected | 1.5.0-22-0ubuntu0.8.04 |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | ignored | end of life |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| upstream | released | 1.5.0-20 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 6.20dlj-0ubuntu1.8.04 |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | released | 6.20dlj-0ubuntu1.9.04 |
| karmic | released | 6-15-1 |
| lucid | released | 6-15-1 |
| maverick | not-affected | |
| upstream | released | 6.15 |
Показывать по
EPSS
10 Critical
CVSS2
Связанные уязвимости
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Integer overflow in the unpack200 utility in Sun Java Runtime Environm ...
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
ELSA-2009-1201: java-1.6.0-openjdk security and bug fix update (IMPORTANT)
EPSS
10 Critical
CVSS2