// For flags

CVE-2019-17639

JDK: Information disclosure via calls to System.arraycopy() with invalid length

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.

En Eclipse OpenJ9 anterior a la versión 0.21 en plataformas Power, llamar al método System.arraycopy con una longitud mayor que la longitud de la matriz de origen o destino puede, en determinados patrones de código especialmente diseñados, hacer que el método actual regrese prematuramente con un valor de retorno indefinido. Esto permite que cualquier valor que esté en el registro de retorno en ese momento sea usado como si coincide con el tipo de retorno declarado del método

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-10-16 CVE Reserved
  • 2020-07-15 CVE Published
  • 2023-03-31 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Eclipse
Search vendor "Eclipse"
Openj9
Search vendor "Eclipse" for product "Openj9"
<= 0.20.0
Search vendor "Eclipse" for product "Openj9" and version " <= 0.20.0"
-
Affected
Eclipse
Search vendor "Eclipse"
Openj9
Search vendor "Eclipse" for product "Openj9"
0.21.0
Search vendor "Eclipse" for product "Openj9" and version "0.21.0"
-
Affected
Eclipse
Search vendor "Eclipse"
Openj9
Search vendor "Eclipse" for product "Openj9"
0.21.0
Search vendor "Eclipse" for product "Openj9" and version "0.21.0"
milestone1
Affected
Eclipse
Search vendor "Eclipse"
Openj9
Search vendor "Eclipse" for product "Openj9"
0.21.0
Search vendor "Eclipse" for product "Openj9" and version "0.21.0"
milestone2
Affected