CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5676 – Eclipse OpenJ9 possible infinite busy hang
https://notcve.org/view.php?id=CVE-2023-5676
15 Nov 2023 — In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. En Eclipse OpenJ9 anterior a la versión 0.41.0, la JVM puede verse forzada a un bloqueo de ocupación infinita en un bloqueo de giro o una falla de segmentación si se recibe una señal de apagado (SIGTERM, SIGINT o SIGHUP) antes de que la JVM haya terminado de inicializarse. Eclipse... • https://github.com/eclipse-openj9/openj9/pull/18085 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2597
https://notcve.org/view.php?id=CVE-2023-2597
22 May 2023 — In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. • https://github.com/eclipse-openj9/openj9/pull/17259 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3676
https://notcve.org/view.php?id=CVE-2022-3676
24 Oct 2022 — In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. En Eclipse Openj9 versiones anteriores a 0.35.0, las llamadas a interfaces pueden ser inlineadas sin una comprobación de tipo en tiempo de ejecución. El código de bytes malicioso podría hacer uso de este inlining para acceder o modificar la memoria por medio de un tipo no compatible • https://github.com/eclipse-openj9/openj9/pull/16122 • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41041 – java-11-openj9,java-1_8_0-openj9: unverified methods can be invoked using MethodHandles
https://notcve.org/view.php?id=CVE-2021-41041
27 Apr 2022 — In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. En Eclipse Openj9 versiones anteriores a 0.32.0, Java 8 y 11 no lanzan la excepción capturada durante la verificación del código de bytes cuando la verificación es desencadenada por una invocación de MethodHandle, permitiendo invocar métodos no verificados mediante Met... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=579744 • CWE-252: Unchecked Return Value CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41035 – JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods
https://notcve.org/view.php?id=CVE-2021-41035
25 Oct 2021 — In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. En Eclipse Openj9 versiones anteriores 0.29.0, la JVM no lanza IllegalAccessError para MethodHandles que invocan métodos de interfaz inaccesibles IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395 • CWE-250: Execution with Unnecessary Privileges CWE-440: Expected Behavior Violation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28167
https://notcve.org/view.php?id=CVE-2021-28167
21 Apr 2021 — In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values. En Eclipse Openj9 a versión 0.25.0, el uso de la API jdk.internal.reflect.ConstantPool causa a la JVM en algunos casos resolver previamente determinadas entradas de grupo constant... • https://github.com/eclipse/openj9/issues/12016 • CWE-909: Missing Initialization of Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27221 – JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding
https://notcve.org/view.php?id=CVE-2020-27221
21 Jan 2021 — In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. En Eclipse OpenJ9 hasta la versión 0.23 incluyéndola, se presenta un potencial desbordamiento del búfer en la región stack de la memoria cuando la máquina virtual o nativas de JNI están convirtiendo caracteres UTF-8 a la codificación de plataforma IBM Java SE version 7 Release 1 includes the IBM Java Runtim... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17639 – JDK: Information disclosure via calls to System.arraycopy() with invalid length
https://notcve.org/view.php?id=CVE-2019-17639
15 Jul 2020 — In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type. En Eclipse OpenJ9 anterior a la versión 0.21 en plataformas Power, llamar al... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2019-11775 – JDK: Failure to privatize a value pulled out of the loop by versioning
https://notcve.org/view.php?id=CVE-2019-11775
30 Jul 2019 — All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of d... • https://access.redhat.com/errata/RHSA-2019:2494 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11772 – JDK: Out-of-bounds access in the String.getBytes method
https://notcve.org/view.php?id=CVE-2019-11772
17 Jul 2019 — In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager. En OpenJ9 anterior a versión 0.15 de Eclipse, el método String.getBytes (int, int, byte[], int) no comprueba que la matriz de bytes proporcionada no sea nula ni que el índice... • https://access.redhat.com/errata/RHSA-2019:2585 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •