Severity: 7.3 HIGH
EPSS: 0.1% (top 79.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 27
Latest update: Jul 19

Description

In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read a

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Exploitability: 1.0 | Impact: 4.2

Affected Packages (2 packages)

NVD | eclipse/openj9 | 0.13.0 | 0.44.0
CVEListV5 | eclipse_foundation/open_j9 | 0.13.0 | 0.44.0

Patches

Vulnerability Details

2 entries
GHSA: Woodpecker's custom workspace allow to overwrite plugin entrypoint executable (2024-07-19)
CVEList: Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer (2024-05-27)
CVE-2024-3933 (HIGH CVSS 7.3) | In Eclipse OpenJ9 release versions | cvebase.io