Stack-Based Buffer Overflow in Eclipse OpenJ9 Virtual Machine
CVE-2020-27221
9.8 CRITICAL
What is CVE-2020-27221?
In Eclipse OpenJ9, a stack-based buffer overflow can occur when the virtual machine or Java Native Interface (JNI) natives attempt to convert UTF-8 characters to platform encoding. Under certain conditions this flaw can be exploited, potentially leading to unpredictable behavior or system instability. Users should make sure they are running an up-to-date version to mitigate this risk.
Affected Version(s)
Eclipse OpenJ9 <= 0.23
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved