Lucene search

K
EclipseOpenj9

8 matches found

CVE
CVE
added 2021/01/21 5:15 a.m.152 views

CVE-2020-27221

In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.

9.8CVSS9.7AI score0.00394EPSS
CVE
CVE
added 2023/05/22 12:15 p.m.125 views

CVE-2023-2597

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.

9.1CVSS9AI score0.00024EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.114 views

CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

9.8CVSS7AI score0.00834EPSS
CVE
CVE
added 2021/10/25 3:15 p.m.112 views

CVE-2021-41035

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.

9.8CVSS9.4AI score0.00174EPSS
CVE
CVE
added 2019/10/17 6:15 p.m.94 views

CVE-2019-17631

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

9.1CVSS9AI score0.005EPSS
CVE
CVE
added 2019/07/17 9:15 p.m.93 views

CVE-2019-11772

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within ...

9.8CVSS8.4AI score0.00871EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.89 views

CVE-2018-12549

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

9.8CVSS6.2AI score0.00762EPSS
CVE
CVE
added 2019/01/31 8:29 p.m.26 views

CVE-2018-12548

In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.

9.8CVSS9.2AI score0.00422EPSS