CVE-2023-5676
Eclipse OpenJ9 possible infinite busy hang
Public Exploits: 0
Exploited in Wild: -
Descriptions
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
Eclipse OpenJ9 is vulnerable to a denial of service, caused by a flaw when a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause an infinite busy hang on a spinlock or a segmentation fault.
SSVC
- Decision: Track
Timeline
- 2023-10-20 CVE Reserved
- 2023-11-15 CVE Published
- 2024-08-29 CVE Updated
- 2024-11-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-364: Signal Handler Race Condition
References (4)
URL | Date | SRC |
---|---|---|
https://github.com/eclipse-openj9/openj9/pull/18085 | 2023-11-22 | |
https://gitlab.eclipse.org/security/cve-assignement/-/issues/13 | 2023-11-22 | |
https://access.redhat.com/security/cve/CVE-2023-5676 | 2024-02-20 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2250255 | 2024-02-20 | |