PT-2019-3219 · Eclipse+4 · Eclipse Openj9+4

Peter Shipton · Published 2019-07-11 · Updated 2020-10-08 · CVE-2019-11775

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Eclipse OpenJ9 versions prior to 0.15

Description

The issue is related to synchronization errors when using shared resources, which can lead to a "race condition" situation. This can cause memory corruption. Additionally, there is a problem with the loop versioner failing to privatize a value pulled out of the loop, potentially resulting in issues such as reading out of array bounds. The vulnerability could also allow a local attacker to gain elevated privileges on the system by injecting code due to unused RPATHS in AIX builds.

Recommendations

For Eclipse OpenJ9 versions prior to 0.15, update to version 0.15 or later to resolve the issue. As a temporary workaround, consider restricting access to shared resources to minimize the risk of exploitation. Avoid using the loop versioner with conditions that read fields and are moved out of the loop until the issue is resolved.

Fix

Race Condition

Time Of Check To Time Of Use

Weakness Enumeration

Related identifiers

BDU:2019-03208
CESA-2019_2590
CVE-2019-11775
RHSA-2019:2494
RHSA-2019:2495
RHSA-2019:2585
RHSA-2019:2590
RHSA-2019:2592
RHSA-2019:2737
RHSA-2019_2494
RHSA-2019_2495
RHSA-2019_2585
RHSA-2019_2590
RHSA-2019_2592
SUSE-SU-2019:14160-1
SUSE-SU-2019:14188-1
SUSE-SU-2019:2291-1
SUSE-SU-2019:2336-1
SUSE-SU-2019:2371-1
SUSE-SU-2019_14160-1

Affected products

CentOS
Eclipse OpenJ9
IBM AIX
Red Hat
SUSE