CVE-2019-17639

medium

Description

In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998

Details

Source: MITRE

Published: 2020-07-15

Updated: 2020-08-12

Type: CWE-843

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150639 | SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2020:14484-1) | Nessus | SuSE Local Security Checks | high |
| 144387 | RHEL 7 : java-1.8.0-ibm (RHSA-2020:5585) | Nessus | Red Hat Local Security Checks | medium |
| 140263 | SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2020:2482-1) | Nessus | SuSE Local Security Checks | high |
| 140257 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2020:2461-1) | Nessus | SuSE Local Security Checks | medium |
| 140254 | SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2020:2453-1) | Nessus | SuSE Local Security Checks | medium |
| 139465 | RHEL 7 : java-1.7.1-ibm (RHSA-2020:3388) | Nessus | Red Hat Local Security Checks | high |
| 139464 | RHEL 6 : java-1.7.1-ibm (RHSA-2020:3387) | Nessus | Red Hat Local Security Checks | high |
| 139463 | RHEL 8 : java-1.8.0-ibm (RHSA-2020:3386) | Nessus | Red Hat Local Security Checks | medium |