21 matches found
CVE-2020-27221
CVE-2020-27221 affects Eclipse OpenJ9 (up to and including 0.23). The root cause is a stack-based buffer overflow when the VM or JNI natives convert UTF‑8 characters to the platform encoding. This can be triggered by sending an overly long string, potentially allowing arbitrary code execution or ...
CVE-2021-41041
CVE-2021-41041 affects Eclipse OpenJ9 (Java VM) prior to 0.32.0. When bytecode verification is triggered by a MethodHandle invocation, the exception raised during verification may not be thrown, allowing unverified methods to be invoked via MethodHandles. This creates a potential for untrusted co...
CVE-2023-5676
CVE-2023-5676 : In Eclipse OpenJ9, prior to 0.41.0, receiving a shutdown signal (SIGTERM, SIGINT, or SIGHUP) before JVM initialization can cause the JVM to enter an infinite busy-wait on a spinlock or crash with a segmentation fault. Affected component: OpenJ9 JVM; root cause: signal handler race...
CVE-2019-17639
CVE-2019-17639 affects Eclipse OpenJ9 on Power platforms, where calling System.arraycopy with a length longer than the source or destination can cause the current method to return prematurely with an undefined return value. The code may then use whatever is in the return register as if it matches...
CVE-2024-10917
CVE-2024-10917 affects OpenJ9: in OpenJ9 up to version 0.47, GetStringUTFLength can wrap around, returning an incorrect value. From 0.48, the value is correct but may be truncated to include fewer characters. Remediation: upgrade to OpenJ9 0.48.0 or later.
CVE-2019-17631
CVE-2019-17631 : Eclipse OpenJ9 could allow a local attacker to gain elevated privileges due to a missing authorization check when accessing a resource or action. In IBM docs, affected product Liberty for Java is listed (version 3.37); remediation is to upgrade to Liberty for Java v3.40-20200108-...
CVE-2022-3676
CVE-2022-3676 : Eclipse OpenJ9 before 0.35.0 allows inlining of interface calls without a runtime type check, enabling malicious bytecode to access or modify memory via an incompatible type. Primary impact is memory access/modify; CVSS indicates network access, no user interaction, low confidenti...
CVE-2023-2597
CVE-2023-2597: OpenJ9 before 0.38.0 is affected; in the shared cache, string size is not checked against buffer size, enabling a buffer overflow. Affected: Eclipse OpenJ9; root cause: insufficient bound check in getCachedUTFString()/shared cache path. Impact: potential code execution or crash. Re...
CVE-2018-12547
The CVE-2018-12547 issue affects Eclipse OpenJ9 where jio_snprintf() and jio_vsnprintf() fail to honor the input length, allowing buffer overflow. IBM advisories corroborate this vulnerability (CVE-2018-12547) within IBM Java SDK/JVM ecosystems and list affected IBM products (SAN Volume Controlle...
CVE-2019-10245
CVE-2019-10245 affects Eclipse OpenJ9 where the Java bytecode verifier could allow a method to run past the end of a bytecode array, potentially crashing the JVM. The issue is fixed in OpenJ9 release 0.14.0 and later, which correctly rejects the problematic class load. Public references in the pr...
CVE-2025-4447
CVE-2025-4447 concerns Eclipse OpenJ9: when used with OpenJDK 8, OpenJ9 versions up to 0.51 may experience a stack-based buffer overflow caused by modifying a file on disk that is read at JVM startup. The IBM/Cloud Pak security notes in the connected documents corroborate that this CVE is referen...
CVE-2021-41035
CVE-2021-41035 affects Eclipse OpenJ9 prior to 0.29.0. The root cause is that the JVM does not throw IllegalAccessError for MethodHandles invoking inaccessible interface methods. This could allow a remote attacker to gain elevated privileges and execute arbitrary code on the system; exploitation ...
CVE-2019-11772
CVE-2019-11772 affects OpenJ9 (prior to 0.15). The vulnerability is an out-of-bounds write in String.getBytes invoked by JIT, allowing a local attacker to write memory at arbitrary 32-bit addresses or beyond the end of a byte array when Java runs under a SecurityManager. IBM/IBM X-Force entries t...
CVE-2018-12539
CVE-2018-12539 affects IBM/OpenJ9-based JVMs where the Java Attach API can be used by non-owners to connect to a local OpenJ9/IBM JVM and run untrusted native code. By default Attach API is enabled on Windows, Linux and AIX; a workaround is to disable it with -Dcom.ibm.tools.attach.enable=no. IBM...
CVE-2018-12549
CVE-2018-12549 affects Eclipse OpenJ9 VM up to version 0.11.0, where the JIT compiler may omit a null check on the receiver object of an Unsafe call during acceleration. This can enable a remote attacker to execute arbitrary code on the system, as reflected by the CVSS3 base score of 9.8 (high/cr...
CVE-2024-3933
CVE-2024-3933 affects IBM OpenJ9/OpenJDK builds older than 0.44.0 (and between 0.13.0) on IBM Z with guarded storage, where arraycopy during Concurrent Scavenge GC can permit reading/writing beyond the end of the source/destination, due to a mismatch in System.arrayCopy length handling. The vulne...
CVE-2019-11775
CVE-2019-11775 refers to a bug in Eclipse OpenJ9 prior to 0.15 where the loop versioner may fail to privatize a value pulled from a loop, potentially causing out-of-bounds access. IBM bulletin context ties this to IBM Cloud Transformation Advisor (and other IBM/JVM surfaces) with a targeted remed...
CVE-2021-28167
CVE-2021-28167 affects IBM Java/OpenJ9; the root cause is the jdk.internal.reflect.ConstantPool API, which can cause pre-resolution of certain constant pool entries, allowing a user to call static methods or access static members without class initialization and potentially observe uninitialized ...
CVE-2019-11771
CVE-2019-11771 details (NORMAL). Eclipse OpenJ9 in AIX builds prior to 0.15.0 contains unused RPATHs, enabling a local attacker to inject code and achieve privilege elevation. This risk is tied to IBM/OpenJ9/OpenJDK deployments on IBM products. Remediation is to upgrade to OpenJ9/IBM Java SDK 0.1...
CVE-2018-12548
CVE-2018-12548 affects OpenJDK + Eclipse OpenJ9 0.11.0 builds. The issue lies in the public jdk.crypto.jniprovider.NativeCrypto class, which exposes public static native methods that accept pointer values dereferenced in native code, leading to potential fault/impact described by the CVE. Connect...
CVE-2026-6918
CVE-2026-6918 affects Eclipse OpenJ9/JITServer. Versions 0.21–0.58 are vulnerable to a pre-auth remote crash triggered by a 32-byte crafted TCP message. The description does not provide exploit details or remediation. No further concrete impact or patch information is available in the connected d...