Eclipse OpenJ9 (used as part of IBM InfoSphere Global Name Management) when running on Linux or AIX is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.

| Affected Product(s) | Version(s) |
|---|---|
| IBM InfoSphere Global Name Management | 6.0 |
Customers with IBM InfoSphere Global Name Management version 6 are encouraged to upgrade to version 7, which includes a fix for this issue.
For customers remaining on IBM InfoSphere Global Name Management version 6: per the original bulletin at <https://www.ibm.com/support/pages/node/6414721>, apply IBM SDK Java Technology Edition, version 8.0.6.25 or later, as available from IBM Fix Central. IBM recommends installing the latest Version 8 Service Refresh 6 release.
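To confirm that a version 6 host has reached the minimum level named above, the following added example (not part of the IBM bulletin) compares the build number reported by `java -version` with 8.0.6.25, field by field. The `(build w.x.y.z - ...)` line shape, the function names and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an IBM SDK 8 build number with the bulletin's minimum.
MIN_BUILD="8.0.6.25"   # minimum fixed level stated in the bulletin

# Extract the four-part build number from `java -version` text on stdin.
# Assumed line shape: "... Runtime Environment (build 8.0.6.25 - ...)".
extract_build() {
    sed -n 's/.*(build \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed when version $1 >= version $2, comparing each field as a number
# (a plain string comparison would wrongly rank 8.0.6.9 above 8.0.6.25).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Classify `java -version` text on stdin against MIN_BUILD.
check_sdk() {
    build=$(extract_build)
    if [ -z "$build" ]; then
        echo "unknown"                 # no IBM-style build number found
    elif version_ge "$build" "$MIN_BUILD"; then
        echo "meets-minimum $build"
    else
        echo "below-minimum $build"
    fi
}

# Constructed sample outputs (not captured from a real system).
sample_old() {
    printf '%s\n' 'java version "1.8.0"' \
        'Java(TM) SE Runtime Environment (build 8.0.6.15 - constructed-sample)'
}
sample_fixed() {
    printf '%s\n' 'java version "1.8.0"' \
        'Java(TM) SE Runtime Environment (build 8.0.6.30 - constructed-sample)'
}

sample_old | check_sdk
sample_fixed | check_sdk
```

On a real host, pipe the product's own JVM through the check, for example `/path/to/jre/bin/java -version 2>&1 | check_sdk` (the path is a placeholder; `java -version` writes to stderr).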
None