CVE-2021-41041
In short
Eclipse OpenJ9 fails to properly report errors when verifying Java bytecode during MethodHandle calls, potentially allowing unsafe code to run without being caught.
Technical detail
CVE-2021-41041 involves improper exception handling (CWE-252) during bytecode verification in OpenJ9 when verification is triggered via MethodHandle invocation. An attacker can craft bytecode that bypasses verification checks, leading to execution of unverified methods with potential memory corruption or privilege escalation impacts.
Summary generated and translated by AI from the official description.
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
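One way to check a host against the version range in the description above, as an added example (not code from this page or from the Eclipse project): it classifies `java -version` output, assuming the `build openj9-x.y.z` banner that OpenJ9 release builds print. The sample banner, the status names and the script name in the usage comment are constructed for illustration.

```python
import re

FIXED = (0, 32, 0)          # first fixed OpenJ9 release, per the description above
AFFECTED_JAVA = {8, 11}     # Java levels the description names

# Constructed sample of `java -version` output (not captured from a real host).
SAMPLE = '''openjdk version "11.0.13" 2021-10-19
OpenJDK Runtime Environment (build 11.0.13+8)
Eclipse OpenJ9 VM (build openj9-0.29.0, JRE 11 Linux amd64-64-Bit Compressed References 20211019_1 (JIT enabled, AOT enabled)
'''

def java_major(text):
    """Return the Java feature level (8, 11, ...) from the version banner, or None."""
    m = re.search(r'version "(\d+)(?:\.(\d+))?', text)
    if not m:
        return None
    first = int(m.group(1))
    # Java 8 and earlier report themselves as 1.x (e.g. "1.8.0_312").
    return int(m.group(2)) if first == 1 and m.group(2) else first

def openj9_release(text):
    """Return the OpenJ9 release as a tuple, or None for nightly/pre-release builds."""
    m = re.search(r'build openj9-(\d+)\.(\d+)(?:\.(\d+))?(?=[,\s)])', text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def classify(text):
    """Map `java -version` output to a CVE-2021-41041 exposure status."""
    if "OpenJ9" not in text:
        return "not-openj9"
    release, major = openj9_release(text), java_major(text)
    if release is None or major is None:
        return "unknown"            # e.g. a build tagged with a commit hash or -m1
    if release >= FIXED:
        return "fixed"
    # The description only names Java 8 and 11; other levels are reported separately.
    return "affected" if major in AFFECTED_JAVA else "java-level-not-listed"

if __name__ == "__main__":
    import sys
    # Usage: java -version 2>&1 | python3 check_openj9.py  (falls back to SAMPLE)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(classify(text))
```

An `unknown` result means the banner did not carry a plain release number, so the build needs to be traced to its source release by other means before it is treated as fixed.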
Affected products
The Eclipse Foundation · Eclipse OpenJ9