10 matches found
CVE-2021-41041
CVE-2021-41041 affects Eclipse OpenJ9 (Java VM) prior to 0.32.0. When bytecode verification is triggered by a MethodHandle invocation, the exception raised during verification may not be thrown, allowing unverified methods to be invoked via MethodHandles. This creates a potential for untrusted co...
CVE-2023-5676
CVE-2023-5676 : In Eclipse OpenJ9, prior to 0.41.0, receiving a shutdown signal (SIGTERM, SIGINT, or SIGHUP) before JVM initialization can cause the JVM to enter an infinite busy-wait on a spinlock or crash with a segmentation fault. Affected component: OpenJ9 JVM; root cause: signal handler race...
CVE-2022-3676
CVE-2022-3676 : Eclipse OpenJ9 before 0.35.0 allows inlining of interface calls without a runtime type check, enabling malicious bytecode to access or modify memory via an incompatible type. Primary impact is memory access/modify; CVSS indicates network access, no user interaction, low confidenti...
CVE-2019-10245
CVE-2019-10245 affects Eclipse OpenJ9 where the Java bytecode verifier could allow a method to run past the end of a bytecode array, potentially crashing the JVM. The issue is fixed in OpenJ9 release 0.14.0 and later, which correctly rejects the problematic class load. Public references in the pr...
CVE-2023-2597
CVE-2023-2597: OpenJ9 before 0.38.0 is affected; in the shared cache, string size is not checked against buffer size, enabling a buffer overflow. Affected: Eclipse OpenJ9; root cause: insufficient bound check in getCachedUTFString()/shared cache path. Impact: potential code execution or crash. Re...
CVE-2018-12547
The CVE-2018-12547 issue affects Eclipse OpenJ9 where jio_snprintf() and jio_vsnprintf() fail to honor the input length, allowing buffer overflow. IBM advisories corroborate this vulnerability (CVE-2018-12547) within IBM Java SDK/JVM ecosystems and list affected IBM products (SAN Volume Controlle...
CVE-2021-41035
CVE-2021-41035 affects Eclipse OpenJ9 prior to 0.29.0. The root cause is that the JVM does not throw IllegalAccessError for MethodHandles invoking inaccessible interface methods. This could allow a remote attacker to gain elevated privileges and execute arbitrary code on the system; exploitation ...
CVE-2019-11772
CVE-2019-11772 affects OpenJ9 (prior to 0.15). The vulnerability is an out-of-bounds write in String.getBytes invoked by JIT, allowing a local attacker to write memory at arbitrary 32-bit addresses or beyond the end of a byte array when Java runs under a SecurityManager. IBM/IBM X-Force entries t...
CVE-2019-11775
CVE-2019-11775 refers to a bug in Eclipse OpenJ9 prior to 0.15 where the loop versioner may fail to privatize a value pulled from a loop, potentially causing out-of-bounds access. IBM bulletin context ties this to IBM Cloud Transformation Advisor (and other IBM/JVM surfaces) with a targeted remed...
CVE-2019-11771
CVE-2019-11771 details (NORMAL). Eclipse OpenJ9 in AIX builds prior to 0.15.0 contains unused RPATHs, enabling a local attacker to inject code and achieve privilege elevation. This risk is tied to IBM/OpenJ9/OpenJDK deployments on IBM products. Remediation is to upgrade to OpenJ9/IBM Java SDK 0.1...