Loop Versioning Bug in Eclipse OpenJ9 by Eclipse Foundation
CVE-2019-11775
7.4 HIGH
What is CVE-2019-11775?
Eclipse OpenJ9 versions before 0.15 contain a loop versioning vulnerability in the JIT compiler. The loop versioner hoists conditions out of a loop, but in the affected versions it fails to privatize the value it moves out: when a hoisted condition reads a field that can change while the loop runs, later iterations keep using the modified field value without the original condition being re-evaluated. The result can be a read outside array bounds and other unintended behaviour, which in turn can cause a range of instability problems in applications running on the affected versions.
Affected Version(s)
Eclipse OpenJ9 < 0.15.0
CVSS V3.1
Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved