CVE-2021-41041

CWE-252 — Unchecked Return Value CWE-843 CWE-908 — Use of Uninitialized Resource5 documents5 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 76.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Eclipse Foundation Eclipse Openj9 Eclipse Openj9 Oracle Java SE

Timeline

PublishedApr 27

Latest updateApr 28

Description

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDeclipse/openj9< 0.32.0

▶CVEListV5the_eclipse_foundation/eclipse_openj9unspecified — 0.32.0

▶NVDoracle/java_se11, 8+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-jmjp-ppjm-p747: In Eclipse Openj9 before version 0↗2022-04-28

▶

OSV

CVE-2021-41041: In Eclipse Openj9 before version 0↗2022-04-27

▶

CVEList

CVE-2021-41041: In Eclipse Openj9 before version 0↗2022-04-27

▶

📋Vendor Advisories

Red Hat

java-11-openj9,java-1_8_0-openj9: unverified methods can be invoked using MethodHandles↗2022-04-27

▶