Insecure Memory Management in Eclipse OpenJ9 by Eclipse Foundation
CVE-2022-3676

6.5MEDIUM

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Openj9
Vendor: CVE Published:; 24 October 2022

🔔 Create The Eclipse Foundation Vulnerability Alert

What is CVE-2022-3676?

Eclipse OpenJ9 versions prior to 0.35.0 are susceptible to a vulnerability that allows for inline interfaces without proper runtime type checks. This flaw can be exploited by malicious bytecode, enabling attackers to access or alter memory spaces using incompatible types, which poses significant risks to application stability and security.

Affected Version(s)

Eclipse OpenJ9 < 0.35.0

References

https://github.com/eclipse-openj9/openj9/pull/16122

https://github.com/eclipse/omr/pull/6773

https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issu...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2022
Vulnerability Reserved
Oct 24, 2022