Vulnerability Description
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jdk | 1.5.0 |
| Sun | Jre | 1.4.2_1 |
| Sun | Sdk | 1.4.2_01 |
| Linux | Linux Kernel | All versions |
| Microsoft | Windows | All versions |
| Sun | Solaris | All versions |
Related Weaknesses (CWE)
References
- http://java.sun.com/javase/6/webnotes/6u17.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
- http://marc.info/?l=bugtraq&m=126566824131534&w=2
- http://marc.info/?l=bugtraq&m=131593453929393&w=2
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
- http://secunia.com/advisories/37231Vendor Advisory
- http://secunia.com/advisories/37239
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/37841
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
- http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
- http://www.redhat.com/support/errata/RHSA-2009-1694.html
- http://www.securityfocus.com/bid/36881
FAQ
What is CVE-2009-3876?
CVE-2009-3876 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote att...
How severe is CVE-2009-3876?
CVE-2009-3876 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3876?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre, Sun Sdk, Linux Linux Kernel, Microsoft Windows.