Severity
9.1 CRITICAL
EPSS
0.0%
top 87.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 22

Description

In Eclipse OpenJ9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds), the size of a string is not properly checked against the size of the buffer.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (2 packages)

NVD: eclipse/openj9 < 0.38.0
CVEListV5: eclipse_foundation/eclipse_openj9 unspecified 0.37.0

Patches

Vulnerability Details (2)

GHSA
GHSA-4794-756c-cx7v: In Eclipse Openj9 before version 0 (2023-05-22)
CVEList
CVE-2023-2597: In Eclipse Openj9 before version 0 (2023-05-22)
CVE-2023-2597 (CRITICAL CVSS 9.1) | In Eclipse Openj9 before version 0. | cvebase.io