CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2214 – Missing array size check in _Mtxinit() in the Xtensa port
https://notcve.org/view.php?id=CVE-2024-2214
In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c En Eclipse ThreadX anterior a la versión 6.4.0, a la función _Mtxinit() en el puerto Xtensa le faltaba una verificación del tamaño de la matriz, lo que provocaba una sobrescritura de la memoria. El archivo afectado era ports/xtensa/xcc/src/tx_clib_lock.c Eclipse ThreadX versions prior to 6.4.0 suffers from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under allocations, heap buffer overflows, and more. • https://github.com/RandomRobbieBF/CVE-2024-22145 http://seclists.org/fulldisclosure/2024/May/35 http://www.openwall.com/lists/oss-security/2024/05/28/1 https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x • CWE-129: Improper Validation of Array Index •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2452 – Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()
https://notcve.org/view.php?id=CVE-2024-2452
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows. En Eclipse ThreadX NetX Duo anterior a 6.4.0, si un atacante puede controlar los parámetros de __portable_aligned_alloc() podría provocar una envoltura de enteros y una asignación menor de lo esperado. Esto podría provocar desbordamientos de búfer de almacenamiento dinámico. Eclipse ThreadX versions prior to 6.4.0 suffers from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under allocations, heap buffer overflows, and more. • https://github.com/xF-9979/CVE-2024-24520 http://seclists.org/fulldisclosure/2024/May/35 http://www.openwall.com/lists/oss-security/2024/05/28/1 https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 3CVE-2023-6194
https://notcve.org/view.php?id=CVE-2023-6194
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. En las versiones 0.7 a 1.14.0 de Eclipse Memory Analyzer, los archivos XML de definición de informes no se filtran para prohibir las referencias de definición de tipo de documento (DTD) a entidades externas. Esto significa que si un usuario elige utilizar un archivo XML de definición de informe malicioso que contiene una referencia de entidad externa para generar un informe, Eclipse Memory Analyzer puede acceder a archivos externos o URL definidos mediante una DTD en la definición del informe. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631 https://gitlab.eclipse.org/security/cve-assignement/-/issues/15 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5676 – Eclipse OpenJ9 possible infinite busy hang
https://notcve.org/view.php?id=CVE-2023-5676
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. En Eclipse OpenJ9 anterior a la versión 0.41.0, la JVM puede verse forzada a un bloqueo de ocupación infinita en un bloqueo de giro o una falla de segmentación si se recibe una señal de apagado (SIGTERM, SIGINT o SIGHUP) antes de que la JVM haya terminado de inicializarse. Eclipse OpenJ9 is vulnerable to a denial of service, caused by a flaw when a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause an infinite busy hang on a spinlock or a segmentation fault. • https://github.com/eclipse-openj9/openj9/pull/18085 https://gitlab.eclipse.org/security/cve-assignement/-/issues/13 https://access.redhat.com/security/cve/CVE-2023-5676 https://bugzilla.redhat.com/show_bug.cgi?id=2250255 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4218 – XXE in eclipse.platform / Eclipse IDE
https://notcve.org/view.php?id=CVE-2023-4218
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch). En las versiones de Eclipse IDE <2023-09 (4.29), algunos archivos con contenido xml se analizan como vulnerables a todo tipo de ataques XXE. El usuario sólo necesita abrir cualquier proyecto maligno o actualizar un proyecto abierto con un archivo vulnerable (por ejemplo, para revisar un repositorio o parche externo). • https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b https://github.com/eclipse-emf/org.eclipse.emf/issues/10 https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec https://github.com/eclipse-pde/eclipse.pde/pull/632 https://github.com/eclipse-pde/eclipse.pde/pull/667 https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45 https:// • CWE-611: Improper Restriction of XML External Entity Reference •