In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of the bytecode array, causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
Max CVSS: 7.5
EPSS Score: 3.35%
Published: 2019-04-19
Updated: 2021-10-28
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called these functions, which could exceed the allocated buffer. These functions were not directly callable by non-native user code.
Max CVSS: 9.8
EPSS Score: 1.85%
Published: 2019-02-11
Updated: 2019-05-16
2 vulnerabilities found