Loop Versioning Bug in Eclipse OpenJ9 by Eclipse Foundation
CVE-2019-11775

7.4HIGH

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Openj9
Vendor
CVE Published:
30 July 2019

What is CVE-2019-11775?

Eclipse OpenJ9 versions before 0.15 suffer from a loop versioning vulnerability. This issue arises when the loop versioner fails to privatize a value moved out of the loop, leading to potential read out of array bounds and other unintended consequences. Specifically, when conditions are relocated from the loop without proper value privatization, subsequent iterations may utilize modified field values without re-evaluating the original conditions. This oversight can introduce various instability issues within applications utilizing the affected versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Eclipse OpenJ9 < 0.15.0

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=549601
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:2494
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2495
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.