CVE-2022-3676

CWE-20 — Improper Input Validation CWE-8433 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 43.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Eclipse Foundation Eclipse Openj9 Eclipse Openj9

Timeline

PublishedOct 24

Description

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶NVDeclipse/openj9< 0.35.0

▶CVEListV5the_eclipse_foundation/eclipse_openj9unspecified — 0.35.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-3676: In Eclipse Openj9 before version 0↗2022-10-24

▶

GHSA

GHSA-vw7j-6j6f-vm86: In Eclipse Openj9 before version 0↗2022-10-24

▶