Java Bytecode Handling Flaw in Eclipse OpenJ9 by IBM
CVE-2019-10245

7.5HIGH

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Openj9
Vendor
CVE Published:
19 April 2019

What is CVE-2019-10245?

In versions of Eclipse OpenJ9 prior to 0.14.0, a vulnerability allows the Java bytecode verifier to incorrectly permit methods to execute beyond the end of the bytecode array, which can lead to application crashes. The issue is rectified in version 0.14.0, where proper detection mechanisms prevent such class load attempts.

Affected Version(s)

Eclipse OpenJ9 < 0.14.0

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588
x_refsource_CONFIRM
http://www.securityfocus.com/bid/108094
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2019:1164
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.