Eclipse : Security Vulnerabilities, CVEs, Published In 2019 (Overflow)
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of the bytecode array, causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
Max CVSS: 7.5
EPSS Score: 3.35%
Published: 2019-04-19
Updated: 2021-10-28
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
Max CVSS: 9.8
EPSS Score: 0.15%
Published: 2019-01-31
Updated: 2019-10-09
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. As a result, existing APIs that called these functions could exceed the allocated buffer. These functions were not directly callable by non-native user code.
Max CVSS: 9.8
EPSS Score: 1.85%
Published: 2019-02-11
Updated: 2019-05-16
3 vulnerabilities found