PT-2010-2562 · Oracle+2 · Java Se+4

Stephen Fewer

Published

2010-04-01

Updated

2018-10-10

CVE-2010-0838

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 5.0, 6 Update 18, and 6 Update 23

Description The issue affects the confidentiality, integrity, and availability of the system, allowing remote attackers to exploit it via unknown vectors. It is reportedly related to a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. However, Oracle has not commented on these claims.

Recommendations For Oracle Java SE and Java for Business versions 5.0, 6 Update 18, and 6 Update 23, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2010-0838

HPSBUX02524

RHSA-2010:0130

RHSA-2010:0337

RHSA-2010:0338

RHSA-2010:0339

RHSA-2010:0383

RHSA-2010:0471

RHSA-2010_0339

ZDI-10-061

Affected Products

Hp-Ux

Java Platform

Java Se

Java For Business

Red Hat

PT-2010-2562 · Oracle+2 · Java Se+4

CVE-2010-0838

Related Identifiers

Affected Products

References · 127