Описание
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
Отчет
This issue affects the versions of the java-1.8.0-ibm package as shipped with Red Hat Satellite 5. However, OpenJ9 is loaded only by taskomatic and Tomcat. These 2 processes are listening on the loopback interface only. This flaw is not known to be remotely exploitable under any supported scenario in Satellite 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | java-1.7.1-ibm | Not affected | ||
| Red Hat Enterprise Linux 7 | java-1.7.1-ibm | Not affected | ||
| Red Hat Enterprise Linux 6 Supplementary | java-1.8.0-ibm | Fixed | RHSA-2019:0469 | 06.03.2019 |
| Red Hat Enterprise Linux 7 Supplementary | java-1.8.0-ibm | Fixed | RHSA-2019:0472 | 08.03.2019 |
| Red Hat Enterprise Linux 8 | java-1.8.0-ibm | Fixed | RHSA-2019:1238 | 16.05.2019 |
| Red Hat Satellite 5.8 | java-1.8.0-ibm | Fixed | RHSA-2019:0640 | 25.03.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
Уязвимость компонента OpenJ9 JIT compiler виртуальной машины Eclipse OpenJ9, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3