CVE-2019-11775

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.

References

https://access.redhat.com/errata/RHSA-2019:2494

https://access.redhat.com/errata/RHSA-2019:2495

https://access.redhat.com/errata/RHSA-2019:2585

https://access.redhat.com/errata/RHSA-2019:2590

https://access.redhat.com/errata/RHSA-2019:2592

https://access.redhat.com/errata/RHSA-2019:2737

https://bugs.eclipse.org/bugs/show_bug.cgi?id=549601

Details

Source: MITRE

Published: 2019-07-30

Updated: 2020-10-08

Type: CWE-367

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.4

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
150540SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2019:14160-1)NessusSuSE Local Security Checks
medium
128872SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2019:2371-1)NessusSuSE Local Security Checks
critical
128858RHEL 6 : java-1.8.0-ibm (RHSA-2019:2737)NessusRed Hat Local Security Checks
critical
128628SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2019:2336-1)NessusSuSE Local Security Checks
medium
128520SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:2291-1)NessusSuSE Local Security Checks
critical
128451RHEL 6 : java-1.8.0-ibm (RHSA-2019:2592)NessusRed Hat Local Security Checks
critical
128449RHEL 8 : java-1.8.0-ibm (RHSA-2019:2590)NessusRed Hat Local Security Checks
critical
128447RHEL 7 : java-1.8.0-ibm (RHSA-2019:2585)NessusRed Hat Local Security Checks
critical
127988RHEL 7 : java-1.7.1-ibm (RHSA-2019:2495)NessusRed Hat Local Security Checks
medium
127987RHEL 6 : java-1.7.1-ibm (RHSA-2019:2494)NessusRed Hat Local Security Checks
medium