CVE-2024-10917

CWE-190Integer Overflow3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 46.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Eclipse Openj9Eclipse Foundation Open J9
Timeline
PublishedNov 11

Description

In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDeclipse/openj90.8.00.48.0
CVEListV5eclipse_foundation/open_j90.8.00.47.0

Patches

Patch: github.com

🔴Vulnerability Details

2
CVEList
Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength2024-11-11
GHSA
GHSA-492j-gvpg-m7v2: In Eclipse OpenJ9 versions up to 02024-11-11
CVE-2024-10917 (MEDIUM CVSS 5.3) | In Eclipse OpenJ9 versions up to 0. | cvebase.io