exploitDog

CVE-2025-1471

Опубликовано: 21 фев. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.

Ссылки

https://github.com/eclipse-omr/omr/pull/7658
Patch
Vendor Advisory
https://gitlab.eclipse.org/security/cve-assignement/-/issues/55
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:omr:*:*:*:*:*:*:*:*

Версия от 0.2.0 (включая) до 0.4.0 (включая)

EPSS

Процентиль: 8%

0.00031

Низкий

7.8 High

CVSS3

Дефекты

CWE-787

CWE-787

Связанные уязвимости

GHSA-w5mv-5x6q-jgmp

CVSS3: 7.8

github

12 месяцев назад

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.

EPSS

Процентиль: 8%

0.00031

Низкий

7.8 High

CVSS3

Дефекты

CWE-787

CWE-787