PT-2010-2562 · Oracle+2 · Java Se+4

Stephen Fewer

Publicado

2010-04-01

Atualizado

2018-10-10

CVE-2010-0838

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 5.0, 6 Update 18, and 6 Update 23

Description The issue affects the confidentiality, integrity, and availability of the system, allowing remote attackers to exploit it via unknown vectors. It is reportedly related to a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. However, Oracle has not commented on these claims.

Recommendations For Oracle Java SE and Java for Business versions 5.0, 6 Update 18, and 6 Update 23, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-0838

HPSBUX02524

RHSA-2010:0130

RHSA-2010:0337

RHSA-2010:0338

RHSA-2010:0339

RHSA-2010:0383

RHSA-2010:0471

RHSA-2010_0339

ZDI-10-061

Produtos afetados

Hp-Ux

Java Platform

Java Se

Java For Business

Red Hat

PT-2010-2562 · Oracle+2 · Java Se+4

CVE-2010-0838

Identificadores relacionados

Produtos afetados

Referências · 127