CVE-2019-11772

JDK: Out-of-bounds access in the String.getBytes method

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager.

En OpenJ9 anterior a versión 0.15 de Eclipse, el método String.getBytes (int, int, byte[], int) no comprueba que la matriz de bytes proporcionada no sea nula ni que el índice suministrado esté dentro de los límites cuando está compilado por el JIT. Esto permite escrituras arbitrarias en cualquier dirección de 32 bits o más allá del final de una matriz de bytes dentro del código Java ejecutado bajo un SecurityManager.

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP40. Issues addressed include deserialization, out of bounds access, and use-after-free vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-05-06 CVE Reserved
2019-07-17 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787: Out-of-bounds Write

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:2585	2019-09-02
https://access.redhat.com/errata/RHSA-2019:2590	2019-09-02
https://access.redhat.com/errata/RHSA-2019:2592	2019-09-02
https://access.redhat.com/errata/RHSA-2019:2737	2019-09-02
https://access.redhat.com/security/cve/CVE-2019-11772	2019-09-11
https://bugzilla.redhat.com/show_bug.cgi?id=1738547	2019-09-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Eclipse Search vendor "Eclipse"		Openj9 Search vendor "Eclipse" for product "Openj9"				< 0.15.0 Search vendor "Eclipse" for product "Openj9" and version " < 0.15.0"		-		Affected