Buffer Overflow Vulnerability in Eclipse OpenJ9 Shared Cache
CVE-2023-2597

7HIGH

Key Information:

Vendor: Eclipse Foundation
Status: Eclipse Openj9
Vendor: CVE Published:; 22 May 2023

What is CVE-2023-2597?

A vulnerability exists in Eclipse OpenJ9 prior to version 0.38.0 that stems from improper size checks of strings against their buffer limits within the shared cache implementation. This weakness can potentially allow attackers to cause a buffer overflow, leading to unauthorized access, data corruption, or arbitrary code execution. Users of Eclipse OpenJ9 are encouraged to update to the latest version to mitigate these risks.

Affected Version(s)

Eclipse OpenJ9 <= 0.37.0

References

https://github.com/eclipse-openj9/openj9/pull/17259

https://security.netapp.com/advisory/ntap-20240621-0006/

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2023
Vulnerability Reserved
May 9, 2023

Eclipse Foundation

What is CVE-2023-2597?

Affected Version(s)

References

CVSS V3.1

Timeline