Unrated severityNVD Advisory· Published Dec 5, 2008· Updated Jun 16, 2026
CVE-2008-5352
CVE-2008-5352
Description
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
81cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:*:update_10:*:*:*:*:*:*range: <=6
- cpe:2.3:a:sun:jdk:*:update_16:*:*:*:*:*:*range: <=5.0
- (no CPE)range: 6 Update 10 and earlier, 5.0 Update 16 and earlier
cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_10:*:*:*:*:*:*range: <=6
- cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*range: <=5.0
- Range: 6 Update 10 and earlier, 5.0 Update 16 and earlier
- osv-coords39 versionspkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-25-openj9pkg:apk/chainguard/openjdk-25-openj9-dbgpkg:apk/chainguard/openjdk-25-openj9-default-jdkpkg:apk/chainguard/openjdk-25-openj9-default-jvmpkg:apk/chainguard/openjdk-25-openj9-jmodspkg:apk/chainguard/openjdk-25-openj9-jrepkg:apk/chainguard/openjdk-26-openj9pkg:apk/chainguard/openjdk-26-openj9-dbgpkg:apk/chainguard/openjdk-26-openj9-default-jdkpkg:apk/chainguard/openjdk-26-openj9-default-jvmpkg:apk/chainguard/openjdk-26-openj9-jmodspkg:apk/chainguard/openjdk-26-openj9-jrepkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jre
< 0.59.0-r2+ 38 more
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
Patches
Vulnerability mechanics
References
27- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.us-cert.gov/cas/techalerts/TA08-340A.htmlnvdUS Government Resource
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.htmlnvd
- osvdb.org/50501nvd
- rhn.redhat.com/errata/RHSA-2008-1018.htmlnvd
- rhn.redhat.com/errata/RHSA-2008-1025.htmlnvd
- secunia.com/advisories/32991nvd
- secunia.com/advisories/33015nvd
- secunia.com/advisories/33528nvd
- secunia.com/advisories/33709nvd
- secunia.com/advisories/33710nvd
- secunia.com/advisories/34259nvd
- secunia.com/advisories/34972nvd
- secunia.com/advisories/37386nvd
- security.gentoo.org/glsa/glsa-200911-02.xmlnvd
- support.avaya.com/elmodocs2/security/ASA-2009-012.htmnvd
- support.nortel.com/go/main.jspnvd
- www.redhat.com/support/errata/RHSA-2009-0015.htmlnvd
- www.redhat.com/support/errata/RHSA-2009-0016.htmlnvd
- www.securityfocus.com/bid/32608nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2008/3339nvd
- www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdfnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6383nvd
- rhn.redhat.com/errata/RHSA-2009-0466.htmlnvd
News mentions
0No linked articles in our index yet.