PT-2023-32256 · Eclipse+4 · Eclipse Openj9+4

Marta Rybczynska

Published

2023-11-15

Updated

2025-02-19

CVE-2023-5676

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Eclipse OpenJ9 versions prior to 0.41.0

Description The issue is related to a denial of service caused by a flaw when a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. This can lead to an infinite busy hang on a spinlock or a segmentation fault. A local authenticated attacker could exploit this by sending a specially crafted request.

Recommendations For Eclipse OpenJ9 versions prior to 0.41.0, update to version 0.41.0 or later to resolve the issue. As a temporary workaround, consider implementing signal handling mechanisms to prevent shutdown signals from being received before the JVM has finished initializing. Restrict access to the JVM during the initialization phase to minimize the risk of exploitation.

Fix

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-364CWE-362

Related Identifiers

CESA-2024_0866

CVE-2023-5676

OPENSUSE-SU-2024:13455-1

OPENSUSE-SU-2024:13456-1

OPENSUSE-SU-2024:13457-1

OPENSUSE-SU-2024_0479-1

OPENSUSE-SU-2025:0066-1

OPENSUSE-SU-2025:0067-1

RHSA-2024:0866

RHSA-2024:0879

RHSA-2024_0866

RHSA-2024_0879

SUSE-SU-2023:4572-1

SUSE-SU-2023:4612-1

SUSE-SU-2023:4614-1

SUSE-SU-2024:0479-1

Affected Products

Centos

Eclipse Openj9

Ibm Aix

Red Hat

Suse

PT-2023-32256 · Eclipse+4 · Eclipse Openj9+4

CVE-2023-5676

Weakness Enumeration

Related Identifiers

Affected Products

References · 211