Charlie Gracie

**Name of the Vulnerable Software and Affected Versions** Eclipse OMR versions prior to 0.1 **Description** The issue concerns unused RPATHs in AIX builds of Eclipse OMR, which could potentially facilitate code injection and privilege elevation by local users. **Recommendations** For versions prior to 0.1, consider removing or modifying the unused RPATHs to prevent potential code injection and privilege elevation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eclipse OMR versions prior to 0.1 **Description** The issue arises when the loop versioner fails to privatize a value pulled out of the loop by versioning. This can occur when a condition is moved out of the loop and reads a field, resulting in the test seeing one value of the field and the loop seeing a modified field value without retesting the condition. This can lead to various issues, including reading out of array bounds. **Recommendations** For Eclipse OMR versions prior to 0.1, consider updating to a version that addresses this issue, as the current version may allow for unauthorized access to array values due to the loop versioner's failure to privatize values correctly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.