CVE-2023-2597

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

History

21 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240621-0006/ -

30 May 2023, 21:32

Type Values Removed Values Added
References (CONFIRM) https://github.com/eclipse-openj9/openj9/pull/17259 - (CONFIRM) https://github.com/eclipse-openj9/openj9/pull/17259 - Patch
CPE cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-125
First Time Eclipse openj9
Eclipse

Information

Published : 2023-05-22 12:15

Updated : 2024-06-21 19:15


NVD link : CVE-2023-2597

Mitre link : CVE-2023-2597

CVE.ORG link : CVE-2023-2597


JSON object : View

Products Affected

eclipse

  • openj9
CWE
CWE-125

Out-of-bounds Read

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')