PT-2023-20394 · Eclipse+2 · Eclipse Openj9+2
Published 2023-05-22 · Updated 2025-02-19
CVE-2023-2597
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Eclipse OpenJ9 versions prior to 0.38.0
Description
The issue is caused by improper bounds checking in the implementation of the shared cache, which is enabled by default in OpenJ9 builds. Specifically, the size of a string is not properly checked against the size of the buffer. This can lead to a buffer overflow, allowing a local authenticated attacker to execute arbitrary code on the system by using specially crafted input. The getCachedUTFString() function is identified as the vulnerable component.
Recommendations
For Eclipse OpenJ9 versions prior to 0.38.0, update to version 0.38.0 or later to resolve the issue.
As a temporary workaround, consider disabling the shared cache or restricting its use until a patch is available.
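To apply the version recommendation above across a fleet, the following added example (not part of the advisory or of the OpenJ9 project) classifies `java -version` output against the 0.38.0 threshold. It assumes the build string carries an `openj9-X.Y.Z` token; the function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: flag Eclipse OpenJ9 builds older than the fixed release.
FIXED_VERSION="0.38.0"

# Extract X.Y.Z from the "build openj9-X.Y.Z" token (assumed format).
openj9_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*openj9-\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed when version $1 is strictly lower than version $2.
# Fields are compared numerically, so 0.9.0 sorts below 0.38.0.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print "vulnerable X.Y.Z", "fixed X.Y.Z", or "unknown" when no
# openj9-X.Y.Z token is present (other JVMs, unlabelled builds).
classify() {
    v=$(openj9_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable $v"
    else
        echo "fixed $v"
    fi
}

# Constructed samples of `java -version` output.
SAMPLE_OLD='openjdk version "17.0.6" 2023-01-17
Eclipse OpenJ9 VM 17.0.6.0 (build openj9-0.36.0, JRE 17 Linux amd64-64-Bit)'
SAMPLE_NEW='openjdk version "17.0.7" 2023-04-18
Eclipse OpenJ9 VM 17.0.7.0 (build openj9-0.38.0, JRE 17 Linux amd64-64-Bit)'

classify "$SAMPLE_OLD"
classify "$SAMPLE_NEW"
# On a live host: classify "$(java -version 2>&1)"
# Workaround until upgraded: start the JVM with -Xshareclasses:none,
# the OpenJ9 option that disables the shared classes cache.
```

A result of `unknown` means the build token was not found, so the runtime needs a manual check.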
Exploit
Fix
Out of bounds Read
Buffer Overflow
Related Identifiers
Affected Products
Eclipse OpenJ9
IBM AIX
SUSE