CVE-2024-10917

Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength

CVSS 3.7 LOWEPSS 0.4%CWE-190

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 nov 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Productos afectados

Eclipse Foundation · Open J9

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/eclipse-openj9/openj9/pull/20362 https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0 https://gitlab.eclipse.org/security/cve-assignement/-/issues/47