CVE-2022-3676

Опубликовано: 24 окт. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.

Ссылки

https://github.com/eclipse-openj9/openj9/pull/16122
Patch
Third Party Advisory
https://github.com/eclipse/omr/pull/6773
Patch
Third Party Advisory
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389
Issue Tracking
Vendor Advisory
https://github.com/eclipse-openj9/openj9/pull/16122
Patch
Third Party Advisory
https://github.com/eclipse/omr/pull/6773
Patch
Third Party Advisory
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

Версия до 0.35.0 (исключая)

EPSS

Процентиль: 59%

0.0038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-20

CWE-843

Связанные уязвимости

SUSE-SU-2023:0375-1

suse-cvrf

почти 3 года назад

Security update for java-1_8_0-ibm

SUSE-SU-2022:4602-1

suse-cvrf

около 3 лет назад

Security update for java-1_8_0-ibm

SUSE-SU-2022:4591-1

suse-cvrf

около 3 лет назад

Security update for java-1_7_1-ibm

GHSA-vw7j-6j6f-vm86

CVSS3: 6.5

github

больше 3 лет назад

SUSE-SU-2022:4250-1

suse-cvrf

около 3 лет назад

Security update for java-1_8_0-openj9

EPSS

Процентиль: 59%

0.0038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-20

CWE-843