Product:

Openj9

(Eclipse)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2021-01-21 CVE-2020-27221 In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. Openj9 9.8
2021-04-21 CVE-2021-28167 In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values. Openj9 6.5
2021-10-25 CVE-2021-41035 In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. Openj9 9.8
2022-04-27 CVE-2021-41041 In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. Openj9, Java_se 5.3
2022-10-24 CVE-2022-3676 In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. Openj9 6.5
2023-05-22 CVE-2023-2597 In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. Openj9 9.1
2023-11-15 CVE-2023-5676 In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. Openj9 5.9