CVE-2009-3879

CVE	CVE-2009-3879
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-11-09 19:30:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.

Primary CVSS: v2.0 7.5 from [email protected]

AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem Types: NVD-CWE-noinfo | n/a

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Type	Vendor	Product	Version	Update	Edition	Language
Application	Sun	Jre	1.5.0	update10	All	All
Application	Sun	Jre	1.5.0	update_1	All	All
Application	Sun	Jre	1.5.0	update_11	All	All
Application	Sun	Jre	1.5.0	update_12	All	All
Application	Sun	Jre	1.5.0	update_13	All	All
Application	Sun	Jre	1.5.0	update_14	All	All
Application	Sun	Jre	1.5.0	update_15	All	All
Application	Sun	Jre	1.5.0	update_16	All	All
Application	Sun	Jre	1.5.0	update_17	All	All
Application	Sun	Jre	1.5.0	update_18	All	All
Application	Sun	Jre	1.5.0	update_19	All	All
Application	Sun	Jre	1.5.0	update_2	All	All
Application	Sun	Jre	1.5.0	update_20	All	All
Application	Sun	Jre	1.5.0	update_3	All	All
Application	Sun	Jre	1.5.0	update_4	All	All
Application	Sun	Jre	1.5.0	update_5	All	All
Application	Sun	Jre	1.5.0	update_6	All	All
Application	Sun	Jre	1.5.0	update_7	All	All
Application	Sun	Jre	1.5.0	update_8	All	All
Application	Sun	Jre	1.5.0	update_9	All	All
Application	Sun	Jre	1.6.0	update_1	All	All
Application	Sun	Jre	1.6.0	update_10	All	All
Application	Sun	Jre	1.6.0	update_11	All	All
Application	Sun	Jre	1.6.0	update_12	All	All
Application	Sun	Jre	1.6.0	update_13	All	All
Application	Sun	Jre	1.6.0	update_14	All	All
Application	Sun	Jre	1.6.0	update_15	All	All
Application	Sun	Jre	1.6.0	update_2	All	All
Application	Sun	Jre	1.6.0	update_3	All	All
Application	Sun	Jre	1.6.0	update_4	All	All
Application	Sun	Jre	1.6.0	update_5	All	All
Application	Sun	Jre	1.6.0	update_6	All	All
Application	Sun	Jre	1.6.0	update_7	All	All
Application	Sun	Jre	1.6.0	update_8	All	All
Application	Sun	Jre	1.6.0	update_9	All	All
Application	Sun	Jre	All	update_21	All	All
Application	Sun	Jre	All	update_16	All	All
Application	Sun	Openjdk	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

Reference	Source	Link	Tags
Advisories \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Java SE 6 Update 17 Release Notes.	af854a3a-2127-422b-91ae-364da2661108	java.sun.com	Vendor Advisory
JDK 5.0u22 Release Notes	af854a3a-2127-422b-91ae-364da2661108	java.sun.com	Vendor Advisory
Gentoo Linux Documentation -- Sun JDK/JRE: Multiple vulnerabilites	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Gentoo updates for sun-jre-bin, sun-jdk, blackdown-jre, blackdown-jdk, and emul-linux-x86-java - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Bug 530297 – CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057)	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.