Java Bytecode Handling Flaw in Eclipse OpenJ9 by IBM
CVE-2019-10245

7.5 HIGH

Key Information:

Vendor
CVE Published: 19 April 2019

What is CVE-2019-10245?

In Eclipse OpenJ9 versions prior to 0.14.0, the Java bytecode verifier incorrectly allows a method to execute past the end of the bytecode array, which can lead to application crashes. Version 0.14.0 fixes the issue: it detects this case and rejects the attempted class load.

Affected Version(s)

Eclipse OpenJ9 < 0.14.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
