CVE-2019-11772

{"id": "CVE-2019-11772", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-07-17T21:15:11.407", "references": [{"url": "https://access.redhat.com/errata/RHSA-2019:2585", "source": "emo@eclipse.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2590", "source": "emo@eclipse.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2592", "source": "emo@eclipse.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2737", "source": "emo@eclipse.org"}, {"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=549075", "tags": ["Permissions Required", "Vendor Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager."}, {"lang": "es", "value": "En OpenJ9 anterior a versi\u00f3n 0.15 de Eclipse, el m\u00e9todo String.getBytes (int, int, byte[], int) no comprueba que la matriz de bytes proporcionada no sea nula ni que el \u00edndice suministrado est\u00e9 dentro de los l\u00edmites cuando est\u00e1 compilado por el JIT. Esto permite escrituras arbitrarias en cualquier direcci\u00f3n de 32 bits o m\u00e1s all\u00e1 del final de una matriz de bytes dentro del c\u00f3digo Java ejecutado bajo un SecurityManager."}], "lastModified": "2019-09-02T10:15:13.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8216721A-F120-418A-9E13-19A1D8DF1BAD", "versionEndExcluding": "0.15.0"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}