CVE-2019-11772

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager.

References

https://access.redhat.com/errata/RHSA-2019:2585

https://access.redhat.com/errata/RHSA-2019:2590

https://access.redhat.com/errata/RHSA-2019:2592

https://access.redhat.com/errata/RHSA-2019:2737

https://bugs.eclipse.org/bugs/show_bug.cgi?id=549075

Details

Source: MITRE

Published: 2019-07-17

Updated: 2019-09-02

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
128872SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2019:2371-1)NessusSuSE Local Security Checks
critical
128858RHEL 6 : java-1.8.0-ibm (RHSA-2019:2737)NessusRed Hat Local Security Checks
critical
128520SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:2291-1)NessusSuSE Local Security Checks
critical
128451RHEL 6 : java-1.8.0-ibm (RHSA-2019:2592)NessusRed Hat Local Security Checks
critical
128449RHEL 8 : java-1.8.0-ibm (RHSA-2019:2590)NessusRed Hat Local Security Checks
critical
128447RHEL 7 : java-1.8.0-ibm (RHSA-2019:2585)NessusRed Hat Local Security Checks
critical