PT-2019-11656 · Oracle+5 · Java SE+5

Dan Heidinga · Published 2019-04-19 · Updated 2021-10-28 · CVE-2019-10245

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Eclipse OpenJ9 versions prior to 0.14.0; Oracle Java SE (affected versions not specified)
Description: The issue involves incorrect handling in the Java bytecode verifier, allowing a method to execute past the end of the bytecode array, which can cause crashes. Additionally, there is an unspecified vulnerability related to the Java SE 2D component that could allow an unauthenticated attacker to take control of the system.
Recommendations: For Eclipse OpenJ9 versions prior to 0.14.0, update to version 0.14.0 or later to resolve the issue. For Oracle Java SE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CESA-2019_1238
CVE-2019-10245
RHSA-2019:1163
RHSA-2019:1164
RHSA-2019:1165
RHSA-2019:1166
RHSA-2019:1238
RHSA-2019:1325
RHSA-2019_1163
RHSA-2019_1164
RHSA-2019_1165
RHSA-2019_1166
RHSA-2019_1238
SUSE-SU-2019:1308-1
SUSE-SU-2019:1308-2
SUSE-SU-2019:1345-1
SUSE-SU-2019:14059-1
SUSE-SU-2019:1644-1
SUSE-SU-2019_1308-1
SUSE-SU-2019_1308-2
SUSE-SU-2019_1345-1
SUSE-SU-2019_14059-1
SUSE-SU-2019_1644-1

Affected Products

CentOS
Eclipse OpenJ9
IBM AIX
Java SE
Red Hat
SUSE