Vulnerability Details : CVE-2019-10245
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of the bytecode array, causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
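The failure mode described above, as an added example that is not code from this page or from OpenJ9: a Python walk over a single method's code[] array that applies a subset of the static constraints the JVM specification (JVMS 4.10) places on bytecode so that execution can never run past the end of the array. The opcode-length table, the terminator set, the function names and the sample code arrays are all constructed for this example; it does not parse whole class files and omits checks a real verifier performs (switch-case targets, exception-table ranges, stack-map frames, type state).

```python
"""Static walk of a JVM method's code[] array flagging the condition behind this CVE:
an instruction whose operands lie beyond code_length, or a method whose last instruction
lets control fall off the end of the array. Added example; not OpenJ9's verifier."""

# Fixed-length instructions: opcode -> total length in bytes (JVMS chapter 6).
# Any opcode absent here (and not wide/tableswitch/lookupswitch) is one byte long.
FIXED_LEN = {}
for op in (0x10, 0x12, 0x15, 0x16, 0x17, 0x18, 0x19,        # bipush, ldc, xload
           0x36, 0x37, 0x38, 0x39, 0x3a, 0xa9, 0xbc):        # xstore, ret, newarray
    FIXED_LEN[op] = 2
for op in (0x11, 0x13, 0x14, 0x84, *range(0x99, 0xa9),      # sipush, ldc_w, ldc2_w, iinc, if*/goto/jsr
           0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8,         # get/put field/static, invoke*
           0xbb, 0xbd, 0xc0, 0xc1, 0xc6, 0xc7):              # new, anewarray, checkcast, instanceof, ifnull/ifnonnull
    FIXED_LEN[op] = 3
FIXED_LEN[0xc5] = 4                                          # multianewarray
for op in (0xb9, 0xba, 0xc8, 0xc9):                          # invokeinterface, invokedynamic, goto_w, jsr_w
    FIXED_LEN[op] = 5

WIDE, TABLESWITCH, LOOKUPSWITCH, IINC = 0xc4, 0xaa, 0xab, 0x84
# Instructions after which control never falls through to the following byte:
# goto, ret, tableswitch, lookupswitch, ireturn..return, athrow, goto_w.
TERMINATORS = {0xa7, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xbf, 0xc8}
BRANCH16 = set(range(0x99, 0xa9)) | {0xc6, 0xc7}             # 16-bit signed branch offset
BRANCH32 = {0xc8, 0xc9}                                      # 32-bit signed branch offset


def instruction_length(code: bytes, pc: int):
    """Length of the instruction at pc, or None if its operands would run past code_length."""
    op = code[pc]
    if op == WIDE:
        if pc + 1 >= len(code):
            return None
        length = 6 if code[pc + 1] == IINC else 4
    elif op in (TABLESWITCH, LOOKUPSWITCH):
        base = (pc + 4) & ~3                     # operands start at the next 4-byte boundary
        if op == TABLESWITCH:
            if base + 12 > len(code):
                return None
            low = int.from_bytes(code[base + 4:base + 8], "big", signed=True)
            high = int.from_bytes(code[base + 8:base + 12], "big", signed=True)
            if high < low:
                return None
            length = base + 12 + 4 * (high - low + 1) - pc
        else:
            if base + 8 > len(code):
                return None
            npairs = int.from_bytes(code[base + 4:base + 8], "big", signed=True)
            if npairs < 0:
                return None
            length = base + 8 + 8 * npairs - pc
    else:
        length = FIXED_LEN.get(op, 1)
    return length if pc + length <= len(code) else None


def check_code_array(code: bytes) -> list:
    """Return a list of findings; an empty list means these static checks pass."""
    findings, starts, branches, last_op, pc = [], set(), [], None, 0
    while pc < len(code):
        starts.add(pc)
        op = code[pc]
        length = instruction_length(code, pc)
        if length is None:
            # The shape of this bug: the interpreter would read operands beyond code_length.
            findings.append(f"pc={pc}: opcode 0x{op:02x} operands extend past code_length={len(code)}")
            return findings
        if op in BRANCH16 or op in BRANCH32:
            width = 2 if op in BRANCH16 else 4
            target = pc + int.from_bytes(code[pc + 1:pc + 1 + width], "big", signed=True)
            branches.append((pc, target))
        last_op = code[pc + 1] if op == WIDE else op        # 'wide ret' still terminates
        pc += length
    if last_op is None:
        findings.append("empty code array")
    elif last_op not in TERMINATORS:
        findings.append(f"last opcode 0x{last_op:02x} is not a return/throw/jump: "
                        "control can fall off the end of the code array")
    for src, target in branches:
        if not 0 <= target < len(code):
            findings.append(f"pc={src}: branch target {target} lies outside the code array")
        elif target not in starts:
            findings.append(f"pc={src}: branch target {target} is not an instruction boundary")
    return findings


# Constructed sample code arrays for this example (not taken from any real class file).
SAMPLES = {
    "iconst_0; ireturn": bytes([0x03, 0xac]),
    "iconst_1; iconst_2; iadd (no return)": bytes([0x04, 0x05, 0x60]),
    "bipush with missing operand": bytes([0x10]),
    "goto +16; return": bytes([0xa7, 0x00, 0x10, 0xb1]),
    "goto +1 into operand": bytes([0xa7, 0x00, 0x01, 0xb1]),
    "tableswitch {0 -> 20} default 20; return": bytes(
        [0xaa, 0, 0, 0,        # opcode + 3 padding bytes
         0, 0, 0, 20,          # default offset
         0, 0, 0, 0,           # low
         0, 0, 0, 0,           # high
         0, 0, 0, 20,          # offset for case 0
         0xb1]),               # return at pc 20
    "tableswitch truncated (high=5, no offsets)": bytes(
        [0xaa, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 0, 0, 0, 0, 5]),
}

if __name__ == "__main__":
    for name, code in SAMPLES.items():
        print(f"{name}: {check_code_array(code) or 'OK'}")
```

The two findings that matter for this CVE are the first return path (operands past code_length) and the "fall off the end" message; a verifier that skips either lets the interpreter fetch bytes that are not part of the method, which is the crash the advisory describes.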
Vulnerability category: Overflow; Input validation
Exploit prediction scoring system (EPSS) score for CVE-2019-10245
Probability of exploitation activity in the next 30 days: 2.76%
Percentile (proportion of vulnerabilities scored at or below this): ~89%
CVSS scores for CVE-2019-10245
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | [email protected] |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | [email protected] |
CWE ids for CVE-2019-10245
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: [email protected] (Secondary)
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: [email protected] (Primary)
References for CVE-2019-10245
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588 (Issue Tracking; Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:1238 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:1166 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:1165 (Third Party Advisory)
- http://www.securityfocus.com/bid/108094 (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2019:1325 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:1164 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:1163 (Third Party Advisory)
Products affected by CVE-2019-10245
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*