EUVD-2018-4507

Malware in sbrugna...

Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.7 and Version 1.8 that are used by IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5, and V5.0.4 respectively. These issues were disclosed as part of the IBM Java SDK updates in January 201...

JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()

In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code...

JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()

In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code...

CVE-2018-12547

The CVE-2018-12547 issue affects Eclipse OpenJ9 where jio_snprintf() and jio_vsnprintf() fail to honor the input length, allowing buffer overflow. IBM advisories corroborate this vulnerability (CVE-2018-12547) within IBM Java SDK/JVM ecosystems and list affected IBM products (SAN Volume Controlle...