Buffer Overflow in Eclipse OMR Affecting z/OS Print Functions
CVE-2025-1471
7.1 HIGH
Key Information:
- Vendor: Eclipse Foundation
- Product: Eclipse OMR
- CVE Published: 21 February 2025
Summary
Eclipse OMR versions 0.2.0 to 0.4.0 contain a vulnerability in the z/OS print functions: they use a constant-length buffer for string conversion, so input that exceeds the buffer size overflows it. This can allow attackers to overwrite adjacent memory, potentially compromising application stability and security. Version 0.5.0 addresses the issue by correcting the buffer sizes and adding checks that prevent such overflows.
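The bug class described above, as an added example that is not Eclipse OMR code: a print helper that converts its input through a fixed-size buffer, shown unchecked and then with a length check. The function names, the 16-byte buffer size and the uppercase "conversion" are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CONV_BUF_LEN 16 /* constructed size standing in for the constant-length buffer */

/* Hypothetical per-byte conversion; a stand-in for the real charset conversion. */
char convert_byte(char c) { return (c >= 'a' && c <= 'z') ? (char)(c - 32) : c; }

/* Unchecked pattern: the loop stops only at the NUL, so any input of
 * CONV_BUF_LEN bytes or more writes past the end of buf. */
int print_unchecked(const char *in, char *out, size_t out_len) {
    char buf[CONV_BUF_LEN];
    size_t i = 0;
    for (; in[i] != '\0'; i++)
        buf[i] = convert_byte(in[i]); /* no bound on i */
    buf[i] = '\0';
    return snprintf(out, out_len, "%s", buf);
}

/* Checked pattern: measure the input first, use the stack buffer only when it
 * fits, otherwise allocate exactly what is needed; returns -1 on failure. */
int print_checked(const char *in, char *out, size_t out_len) {
    char stack_buf[CONV_BUF_LEN];
    char *buf = stack_buf;
    size_t n = strlen(in);
    if (n + 1 > sizeof stack_buf) {
        buf = malloc(n + 1);
        if (buf == NULL)
            return -1;
    }
    for (size_t i = 0; i < n; i++)
        buf[i] = convert_byte(in[i]);
    buf[n] = '\0';
    int written = snprintf(out, out_len, "%s", buf); /* bounded by out_len */
    if (buf != stack_buf)
        free(buf);
    return written;
}

int main(void) {
    char out[64];
    const char *long_in = "constructed input longer than sixteen bytes";
    int n = print_checked(long_in, out, sizeof out);
    printf("%d: %s\n", n, out);
    return n == (int)strlen(long_in) ? 0 : 1;
}
```

The checked version also bounds the final write with `snprintf`, so a small destination truncates instead of overflowing.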
Affected Version(s)
Eclipse OMR 0.2.0 < 0.4.0
CVSS V4
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: None