Bytecode Verification Bypass in Eclipse OpenJ9 Java Runtime
CVE-2021-41041

5.3MEDIUM

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Openj9
Vendor: CVE Published:; 27 April 2022

What is CVE-2021-41041?

In Eclipse OpenJ9 prior to version 0.32.0, a vulnerability exists where Java 8 and 11 do not properly handle exceptions during bytecode verification. This flaw allows for the invocation of unverified methods via MethodHandles, potentially compromising the integrity of the execution environment and leading to unintentional method executions. Proper verification mechanisms should be enforced to prevent such exploitation.

Affected Version(s)

Eclipse OpenJ9 < 0.32.0

References

https://github.com/eclipse-openj9/openj9/pull/14935

x_refsource_CONFIRM

https://bugs.eclipse.org/bugs/show_bug.cgi?id=579744

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2022
Vulnerability Reserved
Sep 13, 2021

The Eclipse Foundation

What is CVE-2021-41041?

Affected Version(s)

References

CVSS V3.1

Timeline