Openj9@* Security Vulnerabilities and Issues — Openj9@* CVE List

Lucene search

EclipseOpenj9*

10 matches found

CVE•added 2023/11/15 2:15 p.m.•159 views

CVE-2023-5676

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

5.9CVSS5.4AI score0.00036EPSS

CVE•added 2022/04/27 2:15 a.m.•144 views

CVE-2021-41041

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

5.3CVSS5.3AI score0.00085EPSS

CVE•added 2022/10/24 2:15 p.m.•131 views

CVE-2022-3676

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.

6.5CVSS6.2AI score0.00338EPSS

CVE•added 2023/05/22 12:15 p.m.•127 views

CVE-2023-2597

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.

9.1CVSS9AI score0.00024EPSS

CVE•added 2019/02/11 3:29 p.m.•120 views

CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

9.8CVSS7AI score0.00834EPSS

CVE•added 2019/04/19 2:29 p.m.•119 views

CVE-2019-10245

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

7.5CVSS7.6AI score0.01619EPSS

CVE•added 2021/10/25 3:15 p.m.•119 views

CVE-2021-41035

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.

9.8CVSS9.4AI score0.00148EPSS

CVE•added 2019/07/17 9:15 p.m.•100 views

CVE-2019-11772

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within ...

9.8CVSS8.4AI score0.00871EPSS

CVE•added 2019/07/30 2:15 p.m.•85 views

CVE-2019-11775

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the mod...

7.4CVSS8.2AI score0.01505EPSS

CVE•added 2019/07/17 9:15 p.m.•73 views

CVE-2019-11771

AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

7.8CVSS7.9AI score0.00043EPSS