FKIE_CVE-2010-0838

Vulnerability from fkie_nvd - Published: 2010-04-01 16:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
References
secalert_us@oracle.comhttp://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
secalert_us@oracle.comhttp://lists.apple.com/archives/security-announce/2010//May/msg00001.html
secalert_us@oracle.comhttp://lists.apple.com/archives/security-announce/2010//May/msg00002.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
secalert_us@oracle.comhttp://marc.info/?l=bugtraq&m=127557596201693&w=2
secalert_us@oracle.comhttp://marc.info/?l=bugtraq&m=134254866602253&w=2
secalert_us@oracle.comhttp://secunia.com/advisories/39292Vendor Advisory
secalert_us@oracle.comhttp://secunia.com/advisories/39317Vendor Advisory
secalert_us@oracle.comhttp://secunia.com/advisories/39659Vendor Advisory
secalert_us@oracle.comhttp://secunia.com/advisories/39819Vendor Advisory
secalert_us@oracle.comhttp://secunia.com/advisories/40545Vendor Advisory
secalert_us@oracle.comhttp://secunia.com/advisories/43308Vendor Advisory
secalert_us@oracle.comhttp://support.apple.com/kb/HT4170
secalert_us@oracle.comhttp://support.apple.com/kb/HT4171
secalert_us@oracle.comhttp://ubuntu.com/usn/usn-923-1
secalert_us@oracle.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:084
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
secalert_us@oracle.comhttp://www.redhat.com/support/errata/RHSA-2010-0337.html
secalert_us@oracle.comhttp://www.redhat.com/support/errata/RHSA-2010-0338.html
secalert_us@oracle.comhttp://www.redhat.com/support/errata/RHSA-2010-0339.html
secalert_us@oracle.comhttp://www.redhat.com/support/errata/RHSA-2010-0383.html
secalert_us@oracle.comhttp://www.redhat.com/support/errata/RHSA-2010-0471.html
secalert_us@oracle.comhttp://www.securityfocus.com/archive/1/510534/100/0/threaded
secalert_us@oracle.comhttp://www.securityfocus.com/archive/1/516397/100/0/threaded
secalert_us@oracle.comhttp://www.securityfocus.com/bid/39069
secalert_us@oracle.comhttp://www.vmware.com/security/advisories/VMSA-2011-0003.html
secalert_us@oracle.comhttp://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
secalert_us@oracle.comhttp://www.vupen.com/english/advisories/2010/1107Vendor Advisory
secalert_us@oracle.comhttp://www.vupen.com/english/advisories/2010/1191Vendor Advisory
secalert_us@oracle.comhttp://www.vupen.com/english/advisories/2010/1454Vendor Advisory
secalert_us@oracle.comhttp://www.vupen.com/english/advisories/2010/1793Vendor Advisory
secalert_us@oracle.comhttp://www.zerodayinitiative.com/advisories/ZDI-10-061
secalert_us@oracle.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/57346
secalert_us@oracle.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10482
secalert_us@oracle.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13923
af854a3a-2127-422b-91ae-364da2661108http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127557596201693&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134254866602253&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39292Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39317Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39659Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39819Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40545Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43308Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4170
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4171
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-923-1
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0337.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0338.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0339.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0383.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0471.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/510534/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/39069
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1191Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1454Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1793Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-10-061
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/57346
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10482
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13923
Impacted products
Vendor Product Version
sun jre *
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jdk *
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk *
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jre *
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update_18:*:*:*:*:*:*",
              "matchCriteriaId": "AA98E24E-B406-4F94-983D-7CDAE2EDAFD5",
              "versionEndIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBCD143C-057D-4F42-B487-46801E14ACF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "0A0FEC28-0707-4F42-9740-78F3D2D551EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*",
              "matchCriteriaId": "C3C5879A-A608-4230-9DC1-C27F0F48A13B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*",
              "matchCriteriaId": "0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*",
              "matchCriteriaId": "2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*",
              "matchCriteriaId": "12A3B254-8580-45DB-BDE4-5B5A29CBFFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*",
              "matchCriteriaId": "1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*",
              "matchCriteriaId": "AADBB4F9-E43E-428B-9979-F47A15696C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*",
              "matchCriteriaId": "49260B94-05DE-4B78-9068-6F5F6BFDD19E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "90EC6C13-4B37-48E5-8199-A702A944D5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "2528152C-E20A-4D97-931C-A5EC3CEAA06D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "A99DAB4C-272B-4C91-BC70-7729E1152590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "30DFC10A-A4D9-4F89-B17C-AB9260087D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "272A5C44-18EC-41A9-8233-E9D4D0734EA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jdk:*:update_18:*:*:*:*:*:*",
              "matchCriteriaId": "69821E3E-D00B-462B-9AE2-3BC4C7924F71",
              "versionEndIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A4FEC7-A4A0-4B5C-A56C-8F80AE19865E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "722A93D8-B5BC-42F3-92A2-E424F61269A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*",
              "matchCriteriaId": "775F2611-F11C-4B84-8F40-0D034B81BF18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*",
              "matchCriteriaId": "F20FDD9F-FF45-48BC-9207-54FB02E76071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*",
              "matchCriteriaId": "9FA326F5-894A-4B01-BCA3-B126DA81CA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*",
              "matchCriteriaId": "228AB7B4-4BA4-43D4-B562-D438884DB152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*",
              "matchCriteriaId": "AFD5C688-2103-4D60-979E-D9BE69A989C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*",
              "matchCriteriaId": "21421215-F722-4207-A2E5-E2DF4B29859B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*",
              "matchCriteriaId": "BFB9EA23-0EF7-4582-A265-3F5AA9EC81B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "D98175BF-B084-4FA5-899D-9E80DC3923EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "820632CE-F8DF-47EE-B716-7530E60008B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "FA2BD0A3-7B2D-447B-ABAC-7B867B03B632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "D54AB785-E9B7-47BD-B756-0C3A629D67DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "E9412098-0353-4F7B-9245-010557E6C651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "AD30DAEB-4893-41CF-A455-B69C463B9337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*",
              "matchCriteriaId": "21D6CE7E-A036-496C-8E08-A87F62B5290A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jdk:*:update23:*:*:*:*:*:*",
              "matchCriteriaId": "2C053822-6E03-4864-8C23-B3667B220DF1",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02CF738-1B4F-44D0-A618-3D3E4EF1C9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "EE8E883F-E13D-4FB0-8C6F-B7628600E8D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "2AADA633-EB11-49A0-8E40-66589034F03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "19DC29C5-1B9F-46DF-ACF6-3FF93E45777D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "B120F7D9-7C1E-4716-B2FA-2990D449F754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "CD61E49F-2A46-4107-BB3F-527079983306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*",
              "matchCriteriaId": "D900AAE0-6032-4096-AFC2-3D43C55C6C83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "88B0958C-744C-4946-908C-09D2A5FAB120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*",
              "matchCriteriaId": "C3E7F3CA-FFB3-42B3-A64F-0E38FAF252FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*",
              "matchCriteriaId": "9A2D8D09-3F18-4E73-81CF-BB589BB8AEC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*",
              "matchCriteriaId": "3FD24779-988F-4EC1-AC19-77186B68229E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*",
              "matchCriteriaId": "4F1E860E-98F2-48FF-B8B3-54D4B58BF81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "28BE548B-DD0C-4C58-98CA-5B803F04F9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*",
              "matchCriteriaId": "505A8F40-7758-412F-8895-FA1B00BE6B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*",
              "matchCriteriaId": "212F4A5F-87E3-4C62-BA21-46CBBCD8D26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "5F8E9AA0-8907-4B1A-86A1-08568195217D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "A337AD31-4566-4A4E-AFF3-7EAECD5C90F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "0754AFDC-2F1C-4C06-AB46-457B5E610029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "532CF9DD-0EBB-4B3B-BB9C-A8D78947A790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "A5DA4242-30D9-44C8-9D0D-877348FFA22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "C61C6043-99D0-4F36-AF84-1A5F90B895EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update23:*:*:*:*:*:*",
              "matchCriteriaId": "6246DF05-3B7C-4DD6-B7C7-D343DE96A3BD",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133A7B66-E0B3-4867-A5A4-3C54D6C0C8ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC09E8-7F30-4FE4-912E-588AA250E2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "9919D091-73D7-465A-80FF-F37D6CAF9F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "02565D6F-4CB2-4671-A4EF-3169BCFA6154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "452A3E51-9EAC-451D-BA04-A1E7B7D917EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*",
              "matchCriteriaId": "3E8C6AAC-C90B-4220-A69B-2A886A35CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "55231B6B-9298-4363-9B5A-14C2DA7B1F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*",
              "matchCriteriaId": "E42CF0F7-418C-4BB6-9B73-FA3B9171D092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*",
              "matchCriteriaId": "A5467E9D-07D8-4BEB-84D5-A3136C133519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*",
              "matchCriteriaId": "B83B2CE1-45D7-47AD-BC0A-6EC74D5F8F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*",
              "matchCriteriaId": "8A32F326-EA92-43CD-930E-E527B60CDD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7EA5B9E9-654D-44F7-AE98-3D8B382804AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*",
              "matchCriteriaId": "04344167-530E-4A4D-90EF-74C684943DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*",
              "matchCriteriaId": "B0E0373B-201D-408F-9234-A7EFE8B4970D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "F296ACF3-1373-429D-B991-8B5BA704A7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "B863420B-DE16-416A-9640-1A1340A9B855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "724C972F-74FE-4044-BBC4-7E0E61FC9002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "EBE909DE-E55A-4BD3-A5BF-ADE407432193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "5DAC04D2-68FD-4793-A8E7-4690A543D7D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the March 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el componente Java 2D en Oracle Java SE y Java for Business 6 Update 18, 5.0, Update y 23 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos. NOTA: la informaci\u00f3n previa fue obtenida de la CPU Marzo 2010. Oracle no ha comentado sobre alegaciones de un investigador confiable de que esto es un desbordamiento de b\u00fafer basado en pila utilizando un valor de tama\u00f1o no confiable en la funci\u00f3n readMabCurveData en el m\u00f3dulo CMM en JVM."
    }
  ],
  "evaluatorComment": "Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html\r\n\r\n\r\n\r\n\u0027Affected product releases and versions:\r\n\u2022 Java SE: \t \r\n\r\n        \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux\r\n\t    \r\n\r\n        \u2022 JDK 5.0 Update 23 and earlier for Solaris\r\n\t  \r\n\r\n        \u2022 SDK 1.4.2_25 and earlier for Solaris\r\n\t  \r\n\u2022 Java for Business: \t \r\n\r\n        \u2022 JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux\r\n\t  \r\n\r\n        \u2022 JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux\r\n\t  \r\n\r\n        \u2022 SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux\u0027",
  "id": "CVE-2010-0838",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-01T16:30:00.843",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39292"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39317"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39659"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39819"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40545"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43308"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://support.apple.com/kb/HT4170"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://support.apple.com/kb/HT4171"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://ubuntu.com/usn/usn-923-1"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0383.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0471.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/archive/1/510534/100/0/threaded"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/39069"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1454"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1793"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-061"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57346"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10482"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ubuntu.com/usn/usn-923-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0383.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0471.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/510534/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/39069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13923"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.