PT-2023-32256 · Eclipse+4 · Eclipse Openj9+4

Marta Rybczynska

Publicado

2023-11-15

Atualizado

2025-02-19

CVE-2023-5676

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Eclipse OpenJ9 versions prior to 0.41.0

Description The issue is related to a denial of service caused by a flaw when a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. This can lead to an infinite busy hang on a spinlock or a segmentation fault. A local authenticated attacker could exploit this by sending a specially crafted request.

Recommendations For Eclipse OpenJ9 versions prior to 0.41.0, update to version 0.41.0 or later to resolve the issue. As a temporary workaround, consider implementing signal handling mechanisms to prevent shutdown signals from being received before the JVM has finished initializing. Restrict access to the JVM during the initialization phase to minimize the risk of exploitation.

Correção

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-364CWE-362

Identificadores relacionados

CESA-2024_0866

CVE-2023-5676

OPENSUSE-SU-2024:13455-1

OPENSUSE-SU-2024:13456-1

OPENSUSE-SU-2024:13457-1

OPENSUSE-SU-2024_0479-1

OPENSUSE-SU-2025:0066-1

OPENSUSE-SU-2025:0067-1

RHSA-2024:0866

RHSA-2024:0879

RHSA-2024_0866

RHSA-2024_0879

SUSE-SU-2023:4572-1

SUSE-SU-2023:4612-1

SUSE-SU-2023:4614-1

SUSE-SU-2024:0479-1

Produtos afetados

Centos

Eclipse Openj9

Ibm Aix

Red Hat

Suse

PT-2023-32256 · Eclipse+4 · Eclipse Openj9+4

CVE-2023-5676

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 211