a guest
Dec 17th, 2018
Java is a "type-safe language", which means buffer overflows are not possible. To achieve a buffer overflow, a pointer would have to point to unallocated memory or refer to an array location outside the range allocated for the array. Neither of these options is possible in a pure Java program. However, Java is still vulnerable because Java programs are not always pure Java. Some native methods and Java classes can cause buffer overflows because they are written in C, and C allows buffer overflows.

Some of the causes are the following:

1. JNI usage
   I. The C code being called has not checked the array bounds properly.
2. Usage of tools or graphics libraries. For example:
   I. JDK and JRE 5.0 Update 17 and earlier, and JDK and JRE 6 Update 12 and earlier
      • Vulnerabilities in the Java Runtime Environment.
      • Unpacking applets and Java Web Start applications using the "unpack200" JAR unpacking utility may allow an untrusted applet or application to escalate privileges.
   II. JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_12 and earlier, or SDK and JRE 1.3.1_18 and earlier
      • There is a buffer overflow vulnerability in processing GIF images in the Java Runtime Environment, which may allow an untrusted applet to elevate its privileges.
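
The JNI cause listed above (C code that does not check array bounds), shown as an added example that is not part of the original paste: the unchecked copy beside a bounds-checked form. It is plain C without jni.h so it runs anywhere; the function names, NATIVE_BUF_SIZE and the sample data are assumptions, with int32_t standing in for the signed jint and arr_len for the value GetArrayLength() returns.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NATIVE_BUF_SIZE 16 /* constructed capacity of the native-side buffer */

/* Unchecked pattern: trusts off/len passed in from the Java caller.
 * Goes out of bounds when they do not fit; shown for contrast only. */
void native_copy_unchecked(uint8_t *dst, const uint8_t *arr, int32_t off, int32_t len)
{
    memcpy(dst, arr + off, (size_t)len);
}

/* Bounds-checked form. jint is signed, so negative values are rejected too.
 * Returns 0 on success, -1 on rejection (a real JNI method would raise a
 * Java exception at that point instead of copying). */
int native_copy_checked(uint8_t *dst, int32_t dst_cap, const uint8_t *arr,
                        int32_t arr_len, int32_t off, int32_t len)
{
    if (dst == NULL || arr == NULL || dst_cap < 0 || arr_len < 0)
        return -1;
    if (off < 0 || len < 0 || off > arr_len)
        return -1;
    if (len > arr_len - off) /* subtraction cannot overflow; off + len can */
        return -1;
    if (len > dst_cap)       /* source range is valid but destination is too small */
        return -1;
    memcpy(dst, arr + off, (size_t)len);
    return 0;
}

/* Constructed demo: 32-byte "Java array", 16-byte native buffer plus a guard. */
struct frame { uint8_t buf[NATIVE_BUF_SIZE]; uint8_t guard[4]; };

int demo_oversized_rejected(void)
{
    uint8_t java_array[32];
    struct frame f;
    memset(java_array, 'A', sizeof java_array);
    memset(&f, 0, sizeof f);
    int rc = native_copy_checked(f.buf, NATIVE_BUF_SIZE, java_array, 32, 0, 32);
    return rc == -1 && f.guard[0] == 0; /* 1 = rejected and guard untouched */
}

int main(void)
{
    printf("oversized copy rejected: %d\n", demo_oversized_rejected());
    return 0;
}
```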