PT-2023-20394 · Eclipse+2 · Eclipse Openj9+2
Publicado
2023-05-22
·
Atualizado
2025-02-19
·
CVE-2023-2597
CVSS v3.1
9.1
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Eclipse Openj9 versions prior to 0.38.0
Description
The issue is caused by improper bounds checking in the implementation of the shared cache, which is enabled by default in OpenJ9 builds. Specifically, the size of a string is not properly checked against the size of the buffer. This can lead to a buffer overflow, allowing a local authenticated attacker to execute arbitrary code on the system by using specially crafted input. The
getCachedUTFString() function is identified as the vulnerable component.Recommendations
For Eclipse Openj9 versions prior to 0.38.0, update to version 0.38.0 or later to resolve the issue.
As a temporary workaround, consider disabling the shared cache or restricting its use until a patch is available.
Exploit
Correção
Out of bounds Read
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Eclipse Openj9
Ibm Aix
Suse