CVE-2009-2205

EPSS 0.84%
Veröffentlicht 09.09.2009 22:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ macOS X Version10.5

Apple ≫ macOS X Version10.5.0

Apple ≫ macOS X Version10.5.1

Apple ≫ macOS X Version10.5.2

Apple ≫ macOS X Version10.5.2 Update2008-002

Apple ≫ macOS X Version10.5.3

Apple ≫ macOS X Version10.5.4

Apple ≫ macOS X Version10.5.5

Apple ≫ macOS X Version10.5.6

Apple ≫ macOS X Version10.5.7

Apple ≫ macOS X Server Version10.5

Apple ≫ macOS X Server Version10.5.0

Apple ≫ macOS X Server Version10.5.1

Apple ≫ macOS X Server Version10.5.2

Apple ≫ macOS X Server Version10.5.3

Apple ≫ macOS X Server Version10.5.4

Apple ≫ macOS X Server Version10.5.5

Apple ≫ macOS X Server Version10.5.6

Apple ≫ macOS X Server Version10.5.7

Apple ≫ Java 1.4 Update21 Version <= 2

Apple ≫ Java 1.4 Version2

Apple ≫ Java 1.4 Version2 Update16

Apple ≫ Java 1.4 Version2 Update18

Apple ≫ Java 1.5 Update19 Version <= 0

Apple ≫ Java 1.6 Update13 Version <= 0

Apple ≫ Java 1.6 Version0

Apple ≫ Java 1.6 Version0 Update05

Apple ≫ Java 1.6 Version0 Update07

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.725

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2009/2543

http://securitytracker.com/id?1022820

Patch

https://nvd.nist.gov/vuln/detail/CVE-2009-2205

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2205

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2205

EUVD