CVE-2023-5676

CWE-364 CWE-362 — Race Condition4 documents4 sources

Severity

5.9MEDIUM

EPSS

0.0%

top 88.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Foundation Openj9 Eclipse Openj9

Timeline

PublishedNov 15

Description

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.5 | Impact: 3.6

Affected Packages2 packages

▶NVDeclipse/openj9< 0.41.0

▶CVEListV5eclipse_foundation/openj9< 0.41.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Eclipse OpenJ9 possible infinite busy hang↗2023-11-15

▶

GHSA

GHSA-5ch2-qvr7-76ch: In Eclipse OpenJ9 before version 0↗2023-11-15

▶

📋Vendor Advisories

Red Hat

JDK: Eclipse OpenJ9 JVM denial of service↗2023-11-15

▶