CVE-2019-10245

Опубликовано: 19 апр. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

Ссылки

http://www.securityfocus.com/bid/108094
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:1163
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1164
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1165
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1166
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1238
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1325
Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588
Issue Tracking
Patch
Third Party Advisory
http://www.securityfocus.com/bid/108094
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:1163
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1164
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1165
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1166
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1238
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1325
Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

Версия до 0.14.0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01589

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

CWE-119

Связанные уязвимости

CVE-2019-10245

CVSS3: 7.5

redhat

почти 7 лет назад

GHSA-jq73-mhwg-56vq

github

больше 3 лет назад

SUSE-SU-2019:1644-1

suse-cvrf

больше 6 лет назад

Security update for java-1_8_0-ibm

SUSE-SU-2019:14059-1

suse-cvrf

больше 6 лет назад

Security update for java-1_7_1-ibm

SUSE-SU-2019:1345-1

suse-cvrf

больше 6 лет назад

Security update for java-1_7_1-ibm

EPSS

Процентиль: 81%

0.01589

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

CWE-119