PT-2019-11656 · Oracle+5 · Java Se+5

Dan Heidinga

Publicado

2019-04-19

Atualizado

2021-10-28

CVE-2019-10245

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Eclipse OpenJ9 versions prior to 0.14.0 Oracle Java SE (affected versions not specified)

Description: The issue involves incorrect handling in the Java bytecode verifier, allowing a method to execute past the end of the bytecode array, which can cause crashes. Additionally, there is an unspecified vulnerability related to the Java SE 2D component that could allow an unauthenticated attacker to take control of the system.

Recommendations: For Eclipse OpenJ9 versions prior to 0.14.0, update to version 0.14.0 or later to resolve the issue. For Oracle Java SE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-119

Identificadores relacionados

CESA-2019_1238

CVE-2019-10245

RHSA-2019:1163

RHSA-2019:1164

RHSA-2019:1165

RHSA-2019:1166

RHSA-2019:1238

RHSA-2019:1325

RHSA-2019_1163

RHSA-2019_1164

RHSA-2019_1165

RHSA-2019_1166

RHSA-2019_1238

SUSE-SU-2019:1308-1

SUSE-SU-2019:1308-2

SUSE-SU-2019:1345-1

SUSE-SU-2019:14059-1

SUSE-SU-2019:1644-1

SUSE-SU-2019_1308-1

SUSE-SU-2019_1308-2

SUSE-SU-2019_1345-1

SUSE-SU-2019_14059-1

SUSE-SU-2019_1644-1

Produtos afetados

Centos

Eclipse Openj9

Ibm Aix

Java Se

Red Hat

Suse

PT-2019-11656 · Oracle+5 · Java Se+5

CVE-2019-10245

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 73