CVE-2025-1470 — NULL Pointer Dereference in Foundation Eclipse OMR

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.1%

top 74.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Foundation Eclipse OMR Eclipse OMR

Timeline

PublishedFeb 21

Description

In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDeclipse/omr0.4.0

▶CVEListV5eclipse_foundation/eclipse_omr0.4.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-pvp4-8q5g-43fg: In Eclipse OMR, from the initial contribution to version 0↗2025-02-21

▶

CVEList

Eclipse OMR: Null pointer dereference vulnerability↗2025-02-21

▶