NULL Pointer Dereference Vulnerability in Eclipse OMR Affecting z/OS Functions
CVE-2025-1470

5.1MEDIUM

Key Information:

Vendor: Eclipse Foundation
Status: Eclipse Omr
Vendor: CVE Published:; 21 February 2025

Summary

In Eclipse OMR versions prior to 0.5.0, there is a vulnerability within the internal port library and utilities that interface with z/OS atoe functions. These components fail to validate the return values for NULL pointers and memory allocation errors, which may unexpectedly lead to application crashes due to NULL pointer dereferences. The issue has been resolved in version 0.5.0, wherein the internal consumers of atoe functions have been updated to properly handle NULL return values and memory allocation failures.

Affected Version(s)

Eclipse OMR 0 <= 0.4.0

References

https://github.com/eclipse-omr/omr/pull/7655

https://github.com/eclipse-omr/omr/pull/7663

https://gitlab.eclipse.org/security/cve-assignement/-/iss...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 21, 2025
Vulnerability Reserved
Feb 19, 2025