CVE-2019-11774 — Time-of-check Time-of-use (TOCTOU) Race Condition in Eclipse Foundation Eclipse OMR

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition5 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.5%

top 35.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Eclipse Foundation Eclipse OMR Eclipse OMR

Timeline

PublishedSep 12

Latest updateMay 24

Description

Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a var…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶NVDeclipse/omr< 0.1

▶CVEListV5the_eclipse_foundation/eclipse_omrunspecified — 0.1

Patches

Patch: bugs.eclipse.org ↗Patch: bugs.eclipse.org ↗

🔴Vulnerability Details

GHSA

GHSA-c4qj-5gg4-8hwf: Prior to 0↗2022-05-24

▶

CVEList

CVE-2019-11774: Prior to 0↗2019-09-12

▶