CVE-2024-10917

Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength

CVSS 3.7 LOWEPSS 0.4%CWE-190

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 3.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 nov 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Produtos afetados

Eclipse Foundation · Open J9

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/eclipse-openj9/openj9/pull/20362 https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0 https://gitlab.eclipse.org/security/cve-assignement/-/issues/47