Null Pointer Vulnerability in Eclipse OpenJ9 JIT Compiler
CVE-2018-12549

9.8CRITICAL

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Openj9
Vendor
CVE Published:
11 February 2019

What is CVE-2018-12549?

In Eclipse OpenJ9 version 0.11.0, a null pointer vulnerability exists in the JIT compiler. The issue arises when the compiler may incorrectly omit critical null checks on the receiver object during Unsafe calls, potentially leading to unexpected behaviors or crashes that can be exploited by an attacker.

Affected Version(s)

Eclipse OpenJ9 0.11.0

References

https://access.redhat.com/errata/RHSA-2019:0469
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0472
vendor-advisoryx_refsource_REDHAT
https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.