Stack-Based Buffer Overflow in Eclipse OpenJ9 Virtual Machine
CVE-2020-27221

9.8CRITICAL

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Openj9
Vendor: CVE Published:; 21 January 2021

🔔 Create The Eclipse Foundation Vulnerability Alert

What is CVE-2020-27221?

In Eclipse OpenJ9, a stack-based buffer overflow vulnerability exists that could occur when the virtual machine or Java Native Interface (JNI) natives attempt to convert UTF-8 characters to platform encoding. This flaw can be exploited in certain conditions, potentially leading to unpredictable behavior or system instability. It is critical for users to ensure that they are using up-to-date versions to mitigate this risk.

Affected Version(s)

Eclipse OpenJ9 <= 0.23

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2021
Vulnerability Reserved
Oct 19, 2020