Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-11775

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.

Published

2019-07-30T14:15:14.780

Last Modified

2024-11-21T04:21:46.147

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-367
Type: Primary
CWE-367

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	eclipse	openj9	< 0.15.0	Yes
Application	redhat	satellite	5.8	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes

References

https://access.redhat.com/errata/RHSA-2019:2494 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:2495 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:2585 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:2590 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:2592 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:2737 Third Party Advisory ([email protected])
https://bugs.eclipse.org/bugs/show_bug.cgi?id=549601 Issue Tracking, Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:2494 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2495 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2585 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2590 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2592 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2737 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.eclipse.org/bugs/show_bug.cgi?id=549601 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)