Bytecode Verification Bypass in Eclipse OpenJ9 Java Runtime
CVE-2021-41041

5.3MEDIUM

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Openj9
Vendor: CVE Published:; 27 April 2022

🔔 Create The Eclipse Foundation Vulnerability Alert

What is CVE-2021-41041?

In Eclipse OpenJ9 prior to version 0.32.0, a vulnerability exists where Java 8 and 11 do not properly handle exceptions during bytecode verification. This flaw allows for the invocation of unverified methods via MethodHandles, potentially compromising the integrity of the execution environment and leading to unintentional method executions. Proper verification mechanisms should be enforced to prevent such exploitation.

Affected Version(s)

Eclipse OpenJ9 < 0.32.0

References

https://github.com/eclipse-openj9/openj9/pull/14935

x_refsource_CONFIRM

https://bugs.eclipse.org/bugs/show_bug.cgi?id=579744

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2022
Vulnerability Reserved
Sep 13, 2021