PT-2021-1873 · Eclipse+4 · Eclipse Openj9+4

Peter Shipton

Published

2021-01-21

Updated

2021-03-15

CVE-2020-27221

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Eclipse OpenJ9 versions up to and including 0.23

Description The issue is related to errors in handling UTF-8 encoded data. It may allow a remote attacker to execute arbitrary code. The problem occurs when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding, potentially leading to a stack-based buffer overflow.

Recommendations For Eclipse OpenJ9 versions up to and including 0.23, consider disabling the UTF-8 conversion functionality until a patch is available. Restrict access to the virtual machine or JNI natives to minimize the risk of exploitation. Avoid using the UTF-8 encoding in the affected virtual machine or JNI natives until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

BDU:2021-00642

CESA-2021_0736

CVE-2020-27221

RHSA-2021:0717

RHSA-2021:0733

RHSA-2021:0736

RHSA-2021_0717

RHSA-2021_0733

RHSA-2021_0736

SUSE-SU-2021:0512-1

SUSE-SU-2021:0652-1

SUSE-SU-2021:0670-1

SUSE-SU-2021:14634-1

SUSE-SU-2021:14640-1

SUSE-SU-2021_14634-1

Affected Products

Centos

Eclipse Openj9

Ibm Aix

Red Hat

Suse

PT-2021-1873 · Eclipse+4 · Eclipse Openj9+4

CVE-2020-27221

Weakness Enumeration

Related Identifiers

Affected Products

References · 32